Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 32291 |
1 files changed, 32291 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..698cda5 --- /dev/null +++ b/ChangeLog 
@@ -0,0 +1,32291 @@ +2022-10-10 Werner Koch <wk@gnupg.org> + + Release 2.2.40. + + commit 2e9f8a511dc01ef9ffc59c90f1cb5082e052da06 + + + gpg: For de-vs use AES-128 instead of 3DES as implicit preference. + + commit 5df1c247be5223343668f9a56eb5f8290c954b6e + * g10/pkclist.c (select_algo_from_prefs): Change implicit cipher + algorithm. + +2022-10-10 Ingo Klöcker <dev@ingo-kloecker.de> + + sm: Fix reporting of bad passphrase error. + + commit 94092793f6a23bbd93c7a26add4d1a23a6f9acb7 + * sm/minip12.c (p12_parse): Set badpass flag to result in ctx. + +2022-10-07 Werner Koch <wk@gnupg.org> + + wkd: Implement --blacklist option for gpg-wks-client. + + commit cd020284c9cf352e02e85c52884fc7d56b0f4ec9 + * tools/gpg-wks-client.c (blacklist_array, blacklist_array_len): New. + (parse_arguments): Install blacklist. + (read_file): New. + (cmp_blacklist, add_blacklist, is_in_blacklist): New. + (mirror_one_key): Check list. + * tools/gpg-wks.h (opt): Remove field blacklist. + + wkd: Restrict gpg-wks-client --mirror to the given domains. + + commit 88042821d81b93b793ddf67546bb6697d8a6881f + * tools/gpg-wks-client.c (domain_matches_mbox): New. + (mirror_one_key): Skip non-matching domains. + (command_mirror): Change args to allow for several domains. + + wkd: Silence gpg-wks-client diagnostics from gpg. + + commit b18b9b972e2da2fd30c4bfd64c2c6b09213bd1cf + * tools/gpg-wks-client.c (add_user_id): PAss --quiet to gpg unless we + are running in double verbose mode. + (decrypt_stream): Ditto + (encrypt_response): Ditto. + (mirror_one_keys_userid): Ditto. + * tools/wks-util.c (wks_get_key): Ditto. + (wks_list_key): Ditto. + (wks_filter_uid): Ditto. + + (cherry picked from commit 4364283f757fceab454d48d461a9f88c31247a07) + + wkd: New command --mirror for gpg-wks-client. + + commit a946343f14752ab06f1a62762e4a5a9203d38d55 + * tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New. + (opts): Add --mirror, --no-autostart, and --blacklist. + (parse_arguments): Parse new options. 
+ (main): Implement aMirror. + (mirror_one_key_parm): New. + (mirror_one_keys_userid, mirror_one_key): New. + (command_mirror): New. + + * tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags. + * tools/wks-util.c (wks_cmd_install_key): Factor some code out to ... + (wks_install_key_core): new. + + * tools/call-dirmngr.c (wkd_dirmngr_ks_get): New. + + common: Protect against a theoretical integer overflow in tlv.c. + + commit c300253181cfc591cbcae9251eda5296ed29591b + * common/tlv.c (parse_ber_header): Protect agains integer overflow. + + dirmngr: Support paged LDAP mode for KS_GET. + + commit a70a3204c24a00e688224ee24575be6e523d42ce + * dirmngr/ks-engine-ldap.c (PAGE_SIZE): New. + (struct ks_engine_ldap_local_s): Add several new fields. + (ks_ldap_clear_state): Release them. + (search_and_parse): Factored out from ks_ldap_get and extended to + support the paged mode. + (ks_ldap_get): Implement the pages mode for --first and --next. + * dirmngr/server.c (cmd_ks_get): Provide a dummy passphrase in --first + mode. + * dirmngr/Makefile.am (dirmngr_LDADD): Add LBER_LIBS. + + dirmngr: New options --first and --next for KS_GET. + + commit 20cb9319d998fb4eb3c096ca7d534706d4afc10a + * dirmngr/server.c (cmd_ks_get): Add option --first and --next. + (start_command_handler): Free that new ldap state. + * dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New. + (ks_ldap_new_state, ks_ldap_clear_state): New. + (ks_ldap_free_state): New. + (return_one_keyblock): New. Mostly factored out from .... + (ks_ldap_get): here. Implement --first/--next feature. + + * dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to + ks_get_flags. + * dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New. + (KS_GET_FLAG_FIRST): New. + (KS_GET_FLAG_NEXT): New. + + * dirmngr/dirmngr.h (struct server_control_s): Add member + ks_get_state. + (struct ks_engine_ldap_local_s): New forward reference. + + gpg: Show just keyserver and port with --send-keys. 
+ + commit 2b2f8a1a0ca12e9903df3f20955f16e206a0c976 + * g10/call-dirmngr.c (ks_status_cb): Mangle the keyserver url + + dirmngr: Minor fix for baseDN fallback. + + commit 4cf8dc2d968f966d99ec3db4ee40a1ff5321d5a7 + * dirmngr/ks-engine-ldap.c (my_ldap_connect): Avoid passing data + behind the EOS. + (interrogate_ldap_dn): Stylistic change. + +2022-10-07 NIIBE Yutaka <gniibe@fsij.org> + + dirnmgr: Fix the function prototype. + + commit 73cc5e073ce9e153cacdb020b15b2abc5e2cf8b2 + * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): It's with + no arguments. + + dirmngr: Change interrogate_ldap_dn for better memory semantics. + + commit 98fbac614105b5690d57b4268c6792f4f3538bd5 + * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): Return BASEDN found, + memory allocated. + (my_ldap_connect): Follow the change, removing needless allocation. + +2022-10-07 Joey Berkovitz <joeyberkovitz@gmail.com> + + dirmngr: Interrogate LDAP server when base DN specified. + + commit 5516f92224b6baf6d100d58fc273018bdac173f8 + * dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP + server when basedn specified. + +2022-10-07 Werner Koch <wk@gnupg.org> + + dirmngr: Support gpgMailbox for mode MAILSUB and MAILEND. + + commit 615c9717c15a541b212117bfaa88d41ff724127a + * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Use gpgMailbox if + server supports this. + + dirmngr: Factor out interrogate_ldap_dn function. + + commit 44960e702ee3e806331ee63c373c3f7e0931364b + * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): New. + +2022-09-29 Werner Koch <wk@gnupg.org> + + gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant. + + commit 07c6743148d4abd30fb8bf08b07eb9755fdfff2d + * g10/encrypt.c (check_encryption_compliance): Check gcrypt compliance + before emitting an ENCRYPTION_COMPLIANCE_MODE status. + +2022-09-28 Werner Koch <wk@gnupg.org> + + dirmngr: Fix lost flags during LDAP upload. 
+ + commit 32ce7ac0c67489e206544dce93a2364c2f7d9410 + * dirmngr/ldapserver.c (ldapserver_parse_one): Turn LINE into a const. + Use strtokenize instead of strtok style parsing. + + dirmngr: New server flag "areconly" (A-record-only) + + commit 6300035ba17b4115df7139926ba55556362038ed + * dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly. + * dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly" + * dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag. + * dirmngr/dirmngr_ldap.c: Add option --areconly + (connect_ldap): Implement option. + * dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option. + +2022-09-22 Werner Koch <wk@gnupg.org> + + gpg: Don't consider unknown keys as non-compliant while decrypting. + + commit 05b7e4a405c84da14e5f7ee04cfd3de4b0cb8290 + * g10/mainproc.c (proc_encrypted): Change compliance logic. + +2022-09-16 Werner Koch <wk@gnupg.org> + + dirmngr: Fix CRL DP error fallback to other schemes. + + commit 289fbc550d18a7f9b26c794a2409ba820811f6b3 + * dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop. + Remove the unused issuername_uri stuff. + +2022-09-15 NIIBE Yutaka <gniibe@fsij.org> + + build: Update gpg-error.m4. + + commit ed1264e74b11c4ba7d17e6209ecf55655e2a6027 + * m4/gpg-error.m4: Update from libgpg-error. + +2022-09-02 Werner Koch <wk@gnupg.org> + + Release 2.2.39. + + commit 7c2078a680dde2eaef30a8a6dc49de4540498736 + + +2022-09-01 Werner Koch <wk@gnupg.org> + + common: Make nvc_lookup more robust. + + commit 8c22b00268bf5b2374cf7af69465a902b91946aa + * common/name-value.c (nvc_first): Allow for NULL arg. + (nvc_lookup): Allow for PK being NULL. + + Release 2.2.38. + + commit 0b786fde775588413e5c9842bca3a3d8ea06fad5 + + +2022-08-31 Werner Koch <wk@gnupg.org> + + dirmngr: New option --debug-cache-expired-certs. + + commit ea34325c54a2746bdc2d667a1c98ab07b051cf75 + * dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs: + * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New. 
+ (opts): Add option. + (parse_rereadable_options): Set option. + * dirmngr/certcache.c (put_cert): Handle the option. + + common,w32: Fix an encoding problem of the printed timezone. + + commit 0b91fa0f13fd3644d0be137ed02e006aa05b9501 + * common/gettime.c (w32_strftime) [W32]: New function. + (strftime) [W32]: New refinition macro. + + gpg: Emit STATUS_FAILURE for --require-compliance errors. + + commit e05fb5ca3711f02eb562868dc38d30e3cccda270 + * g10/misc.c (compliance_failure): Do not fallback to CO_GNUPG. Print + compliance failure error and status for CO_DE_VS. + * g10/mainproc.c (proc_encrypted): Call compliance_failure in the + require-compliance error case. + * g10/encrypt.c (check_encryption_compliance): Ditto. + +2022-08-31 NIIBE Yutaka <gniibe@fsij.org> + + scd: Add npth_unprotect/npth_protect for blocking operations. + + commit e1169e8f8ac75ad32fccb7743ffd06803bd50f93 + * scd/ccid-driver.c (ccid_open_usb_reader): Name the thread. + (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap + blocking operations by npth_unprotect/npth_protect. + + dirmngr: Reject certificate which is not valid into cache. + + commit 14ccabe7f82f64bbf84b8a880cd8b4a34cea9061 + * dirmngr/certcache.c (put_cert): When PERMANENT, reject the + certificate which is obviously invalid. + +2022-08-31 Werner Koch <wk@gnupg.org> + + gpg: Fix assertion failure due to errors in encrypt_filter. + + commit aa0c942521d89f4f0aac90bacaf8a7a7cefc88d8 + * common/iobuf.c (iobuf_copy): Use log_assert. Explicitly cast error + return value. + * g10/build-packet.c (do_plaintext): Check for iobuf_copy error. + + * g10/encrypt.c (encrypt_filter): Immediately set header_okay. + +2022-08-30 Werner Koch <wk@gnupg.org> + + gpg: Make --require-compliance work for -se. + + commit f88cb12f8e3c1234a094d09e2505d3a3eec4cbfe + * g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code + out to ... + (create_dek_with_warnings): new + (check_encryption_compliance): and new. 
+ + * g10/encrypt.c (encrypt_filter): Add the compliance check. + +2022-08-29 Werner Koch <wk@gnupg.org> + + gpg: Rename a function. + + commit 15cf36f6a84deb739bef9944819c5f79f8de3334 + * g10/cipher.c (cipher_filter): Rename to cipher_file_cfb. + + gpg: Very minor cleanup in decrypt_data. + + commit 5b24c41ba72c2d06f6acc7c2ad51cf6f384d41d8 + * g10/decrypt-data.c (decrypt_data): Show also the aead algo with + --show-session-key. Remove meanwhile superfluous NULL-ptr test. + +2022-08-29 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + g10/decrypt-data: disable output estream buffering to reduce overhead. + + commit e92812a4752e56977286f96f7b5064db1e22936d + * g10/decrypt-data.c (decrypt_data): Disable estream buffering for + output file. + +2022-08-24 Werner Koch <wk@gnupg.org> + + Release 2.2.37. + + commit 8e60f885713b833dfd8cef7f5b0272df0e48d62f + + +2022-08-19 Werner Koch <wk@gnupg.org> + + gpgsm: New option --compatibility-flags. + + commit 77b6896f7a85a4b1c9cdd731e1d68d59a0e09950 + * sm/gpgsm.c (oCompatibilityFlags): New option. + (compatibility_flags): new. + (main): Parse and print them in verbose mode. + * sm/gpgsm.h (opt): Add field compat_glags.: + (COMPAT_ALLOW_KA_TO_ENCR): New. + * sm/keylist.c (print_capabilities): Take care of the new flag. + * sm/certlist.c (cert_usage_p): Ditto. + + * common/miscellaneous.c (parse_compatibility_flags): New. + * common/util.h (struct compatibility_flags_s): New. + +2022-08-17 Werner Koch <wk@gnupg.org> + + gpgconf: Make --auto-key-import and --include-key-block visible again. + + commit b356eddf3d7a1ed0fae808b9277134d50f4974af + * tools/gpgconf-comp.c: Add options. + +2022-08-16 Werner Koch <wk@gnupg.org> + + agent: Fix bug introduced earlier today. + + commit 3591112fdb013dee1a1a668c9f777d0890520311 + * agent/findkey.c (agent_write_private_key): Fix condition. + + gpg: Fix "generate" command in --card-edit. 
+ + commit 914ee7247562dc8f1e4b8503b3b574a5d2749bde + * g10/card-util.c (get_info_for_key_operation): Get the APPTYPE before + testing for it. + + * g10/card-util.c (current_card_status): Always try to update the + shadow keys. + * g10/call-agent.c (agent_scd_getattr): Handle $AUTHKEYID. + + gpg: Update shadow-keys with --card-status also for non-openpgp cards. + + commit 2d23a72690b44528783264a93e170585a99cc774 + * agent/command.c (cmd_readkey): Also allow for $AUTHKEYID in card + mode. + * g10/call-agent.c (agent_update_shadow_keys): new. + * g10/card-util.c (current_card_status): Call it. + + agent: Let READKEY update the display-s/n of the Token entry. + + commit 755920d4335730fbf25e24342dc9c8a8a772dac3 + * agent/findkey.c (agent_write_private_key): Factor file name + generation out to ... + (fname_from_keygrip): new. + (write_extended_private_key): Add and implement new arg MAYBE_UPDATE. + (agent_write_shadow_key): Ditto. + + * agent/command.c (cmd_readkey): Update the shadow-key in card mode. + + gpg: Fix --card-status to handle lowercase APPTYPEs. + + commit 8e393e2592646f7d2a11ec32232b8f29eacdce13 + * g10/card-util.c (current_card_status): Use ascii_strcasecmp. + +2022-08-16 NIIBE Yutaka <gniibe@fsij.org> + + gpg: Fix detecting OpenPGP card by serialno. + + commit 27ae89db6e6901a8fd6f1dce50a25c1a4b845086 + * g10/card-util.c (get_info_for_key_operation): Use ->apptype to + determine card's APP. + (current_card_status): Even if its SERIALNO is not like OpenPGP card, + it's OpenPGP card when app says so. + +2022-08-16 Werner Koch <wk@gnupg.org> + + common: In private key mode write "Key:" always last in name-value. + + commit 12ad9529782df1eecf628281b8db62cafd775c4f + * common/name-value.c (nvc_write): Take care of Key. Factor some code + out to ... + (write_one_entry): new. + +2022-08-15 Werner Koch <wk@gnupg.org> + + agent: Create and use Token entries to track the display s/n. 
+ + commit dc9b2426288e4eb6ab42aa7f731a35bc8d383b46 + * agent/divert-scd.c (linefeed_to_percent0A): New. + (ask_for_card): Add arg grip. Read Token and Label items and use + them. + (divert_pksign, divert_pkdecrypt): Pass down grip. + * agent/findkey.c (write_extended_private_key): Add args serialno, + keyref, and dispserialno. Writen Token item. + (agent_write_private_key): Add args serialno, keyref, and + dispserialno. + (read_key_file): Add arg r_keymeta. + (agent_keymeta_from_file): New. + (agent_write_shadow_key): Remove leading spaces from serialno and keyid. + * agent/protect-tool.c (agent_write_private_key): Ditto. + * agent/learncard.c (agent_handle_learn): Get DISPSERIALNO and pass to + agent_write_shadow_key. + * agent/command-ssh.c (card_key_available): Ditto. + + common: New function nve_set. + + commit 706adf669173ec604158e4a2f4337e3da6cb1e45 + * common/name-value.c (nve_set): New. + (nvc_set): Use nve_set. + (nvc_delete_named): New. + (nvc_get_string): New. + (nvc_get_boolean): New. + +2022-08-04 Werner Koch <wk@gnupg.org> + + gpg: Fix wrong error message for keytocard. + + commit f2a81e3745017072585c9999a129ee5dd0bdc6e6 + * g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE. + +2022-08-03 Werner Koch <wk@gnupg.org> + + common: Silence warnings from AllowSetForegroundWindow. + + commit 6583abedf3f0ffe5cc8283fe683144fc1d5add40 + * common/sysutils.c (gnupg_allow_set_foregound_window): Print warning + only with debug flag set. + + dirmngr: Fix failed malloc error message. + + commit 94908857e1f54a3550a3704a5de6bd10b7902169 + * dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc. + + gpgconf: Add config file for Windows Registry dumps. + + commit ebb736b2c310c8736d1165be9c8e2de413dd0ac6 + * tools/gpgconf.c (show_registry_entries_from_file): New. + (show_configs): Call it. + * doc/examples/gpgconf.rnames: New. + * doc/Makefile.am (examples): Add it. 
+ +2022-08-02 Werner Koch <wk@gnupg.org> + + gpg: Make symmetric + pubkey encryption de-vs compliant. + + commit e8011a7ceca7d5d9fd703f227e56931a7ea151d6 + * g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption + de-vs compliant. + + * g10/mainproc.c (struct symlist_item): New. + (struct mainproc_context): Add field symenc_list. + (release_list): Free that list. + (proc_symkey_enc): Record infos from symmetric session packet. + (proc_encrypted): Check symkey packet algos + + gpgconf: Improve registry dumping. + + commit 6bc959231802d60694b7677d3537261d9cda1e1d + * common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a + string. + (read_w32_reg_string): Add arg r_hklm_fallback and change all callers. + (show_configs): Indicate whether the HKLM fallback was used. + * tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin + Registry key. Indicate whether the HKLM fallback was used. + +2022-07-28 Werner Koch <wk@gnupg.org> + + gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference. + + commit 890e616593af5d1e0f2eb932768205ef90928e5e + * g10/pkclist.c (select_algo_from_prefs): Change implicit hash + algorithm. + +2022-07-27 Werner Koch <wk@gnupg.org> + + agent: New option --no-user-trustlist and --sys-trustlist-name. + + commit d0bd91ba73a7e333e9b5007875c9bd475fb9581e + * agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New. + (opts): Add new option names. + (parse_rereadable_options): Parse options. + (finalize_rereadable_options): Reset allow-mark-trusted for the new + option. + * agent/agent.h (opt): Add fields no_user_trustlist and + sys_trustlist_name. + * agent/trustlist.c (make_sys_trustlist_name): New. + (read_one_trustfile): Use here. + (read_trustfiles): Use here. Implement --no-user-trustlist. Also + repalce "allow_include" by "systrust" and adjust callers. + +2022-07-27 Ingo Klöcker <dev@ingo-kloecker.de> + + gpg: Look up user ID to revoke by UID hash. 
+ + commit abe69b2094dd749fc2f285b672d30a4f1e3f12a7 + * g10/keyedit.c (find_userid_by_namehash, find_userid): New. + (keyedit_quick_revuid): Use find_userid() instead of iterating over the + nodes of the keyblock. + * tests/openpgp/quick-key-manipulation.scm: Add test for revoking a + user ID specified by its hash. + +2022-07-27 Werner Koch <wk@gnupg.org> + + wkd: Bind the address to the nonce. + + commit 73a98c13969169fee6bf5eaa71507a409eb17caf + * tools/gpg-wks-server.c (make_pending_fname): New. + (store_key_as_pending, check_and_publish): Use here. + (process_new_key): Pass addrspec to store_key_as_pending. + (expire_one_domain): Expire also the new files. + +2022-07-26 Ingo Klöcker <dev@ingo-kloecker.de> + + dirmngr: Ask keyservers to provide the key fingerprints. + + commit 22e8dc792702cd485408b5a8212d34a3917851ca + * dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to + request URL. + +2022-07-25 Ingo Klöcker <dev@ingo-kloecker.de> + + gpg: Request keygrip of key to add via command interface. + + commit ee8f1c10a7a54714fb2a9ca141d38e666b9a424d + * g10/keygen.c (ask_algo): Request keygrip via cpr_get. + * doc/help.txt (gpg.keygen.keygrip): New help text. + +2022-07-25 Werner Koch <wk@gnupg.org> + + wkd: Fix path traversal attack on gpg-wks-server. + + commit c1489ca0e101a81df6f8b1ba8d8a9afd9ebc6412 + * tools/gpg-wks-server.c (check_and_publish): Check for invalid + characters in sender controlled data. + * tools/wks-util.c (wks_fname_from_userid): Ditto. + (wks_compute_hu_fname): Ditto. + (ensure_policy_file): Ditto. + +2022-07-13 NIIBE Yutaka <gniibe@fsij.org> + + scd:openpgp: Fix workaround for Yubikey heuristics. + + commit 8c9f879d4aa01ad96320869fb3da83a843292504 + * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case + of firmware 5.4, too. + + scd: Fail when no good algorithm attribute. + + commit 225c66f13b8700d9d283367705b31070a3d38d93 + * scd/app-openpgp.c (parse_algorithm_attribute): Return the error. 
+ (change_keyattr): Follow the change. + (app_select_openpgp): Handle the error of parse_algorithm_attribute. + +2022-07-12 NIIBE Yutaka <gniibe@fsij.org> + + scd: Don't inhibit SSH authentication for larger data if it can. + + commit 07e43eda8dc69cecc385a6b3723e155afbc59257 + * scd/app-openpgp.c (do_auth): Use command chaining if available. + +2022-07-06 Werner Koch <wk@gnupg.org> + + Release 2.3.36. + + commit 491645b50ec97db12520483d347291d660db209c + + +2022-06-29 Werner Koch <wk@gnupg.org> + + gpgconf: New short options -V and -X. + + commit f357a5f239919de976b86a666410f504682973e4 + * tools/gpgconf.c: Assign short options -X and -V + (show_version_gnupg): Print the vsd version if available. + +2022-06-24 NIIBE Yutaka <gniibe@fsij.org> + + agent: Flush before calling ftruncate. + + commit 9e2307ddf0c2608e9cfb435f870b75cbb35791d7 + * agent/findkey.c (write_extended_private_key): Make sure + it is flushed out. + +2022-06-21 Werner Koch <wk@gnupg.org> + + sm: Update pkcs#12 module from master. + + commit 4c14bbf56fb544541bd65f9d6e6e0b81779dcab6 + * sm/minip12.c: Update from master. + * sm/import.c (parse_p12): Pass NULL for curve. + +2022-06-20 Werner Koch <wk@gnupg.org> + + common: Add an easy to use DER builder. + + commit d21ced1e3596dc9e4fa53995286b4cbbd6e94195 + * common/tlv-builder.c: New. + * common/tlv.c: Remove stuff only used by GnuPG 1. + (put_tlv_to_membuf, get_tlv_length): Move to ... + * common/tlv-builder.c: here. + * common/tlv.h (tlv_builder_t): New. + +2022-06-14 Werner Koch <wk@gnupg.org> + + g10: Fix garbled status messages in NOTATION_DATA. + + commit 7b1db7192e6e4d0cfc439b23b13831837c85bc21 + * g10/cpr.c (write_status_text_and_buffer): Fix off-by-one + +2022-06-09 NIIBE Yutaka <gniibe@fsij.org> + + agent,scd: Make sure to set CONFIDENTIAL flag in Assuan. + + commit aeee62593ae9147a38fd79f0782f3fa0e4ac5c4a + * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential + and assuan_end_confidential, and wipe the memory after use. 
+ * agent/command.c (cmd_preset_passphrase): Likewise. + * scd/command.c (pin_cb): Likewise. + +2022-06-03 Werner Koch <wk@gnupg.org> + + w32: Avoid warning about not including winsock2.h after windows.h. + + commit dfc01118ce0707c2d920fb31f7731f3a383df761 + * common/dynload.h: Include winsock2.h first. + + w32: Allow Unicode filenames for iobuf_cancel. + + commit 10db566489880acd510f8e07dc52a38dd82feafe + * common/iobuf.c (iobuf_cancel): Use gnupg_remove + * common/mischelp.c (same_file_p): Allow for Unicode names. + +2022-06-01 Werner Koch <wk@gnupg.org> + + scd:p15: Fix accidental commit of debug code. + + commit e3db6c74a6305e86eaefb0ca8d49d4d9754104ff + * scd/app-p15.c (do_sign): Revert MSE setting. + + scd: Shorten cardio debug output for all zeroes. + + commit 62becf599eb861936faf88b6ec5e0f7b1658b54e + * scd/apdu.c (all_zero_p): New. + (send_le): Use it. + + (cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66) + +2022-05-17 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix use of SCardListReaders for PC/SC. + + commit 7bc794c3113400af082b26610d9d1305826be54e + * scd/apdu.c (open_pcsc_reader): Initialize NREADER. + +2022-05-10 NIIBE Yutaka <gniibe@fsij.org> + + scd: Add workaround for ECC attribute on Yubikey. + + commit a5217c90003c2e1b9bfb06b58ffc2d0d9164f22a + * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus + octet in a key attribute. + +2022-05-06 Werner Koch <wk@gnupg.org> + + scd:p15: Improve the displayed S/N for Technology Nexus cards. + + commit 91acbdc93c8a6ae06b483a27c8bb7c33a978108d + * scd/app-p15.c (any_control_or_space_mem): New. + (get_dispserialno): Add new code. + + scd:p15: Fix the the sanity check of the displayed S/N. + + commit 8efe738c4a090f523461fa3055da668467715105 + * scd/app-p15.c (any_control_or_space): Fix loop. + +2022-05-05 Werner Koch <wk@gnupg.org> + + scd:p15: Fix reading certificates without length info. 
+ + commit 7f029eef6ce15be4167f56e7fc07755d189e5e27 + * scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF + object has no length info. Add debug output when reading a cert. + (read_p15_info): No more need to disable extended mode for GeNUA cards. + + scd: New debug flags "card". + + commit d60f930d9b000e802dc61c8e8d494a3091dc0437 + * scd/scdaemon.c (debug_flags): Add "card". + * scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New. + + gpg: Minor robustness fix. + + commit 36a5509e11c81305c4ded93982fa594bd52555a6 + * g10/parse-packet.c (mpi_read_detect_0_removal): Protect agains + failed gcry_mpi_scan. + +2022-05-02 NIIBE Yutaka <gniibe@fsij.org> + + tests: Add a test for Ed25519 keys for non-protected secret. + + commit 06e82e997a56406e04113a7f6c1d083e0cc04172 + * tests/openpgp/issue5120.scm: New. + +2022-04-28 NIIBE Yutaka <gniibe@fsij.org> + + gpg: Handle leading-zeros private key for Ed25519. + + commit 3fcef7371480cce392d690897d42955f1b19c12a + * g10/parse-packet.c (mpi_read_detect_0_removal): New. + (parse_key): Use mpi_read_detect_0_removal for PUBKEY_ALGO_EDDSA + to tweak the checksum. + + Revert "gpg: Accept Ed25519 private key in SOS which reserves leading zeros." + + commit 3192939a10df17cb9666773ed8888627f6d16b8d + This reverts commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830. + +2022-04-25 Werner Koch <wk@gnupg.org> + + Release 2.2.35. + + commit f7bc6f50496bffc3c377cb4e3e844242a590b5e1 + + + gpg: Avoid NULL ptr access due to corrupted packets. + + commit 86d84464ae11666b1556e876a41a65cec8daaf18 + * g10/parse-packet.c (parse_signature): Do not create an opaque MPI + with NULL and length > 0 + (parse_key): Ditto. + +2022-04-25 NIIBE Yutaka <gniibe@fsij.org> + + agent: Not writing password into file. + + commit 9c0a24b4a55edff3d54cc5e98ba8112714f583e3 + * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke + pattern check program. 
+ +2022-04-25 Werner Koch <wk@gnupg.org> + + gpg: Emit an ERROR status as hint for a bad passphrase. + + commit f021ecd57624f09430731f5deee2c4d0712150c8 + * g10/mainproc.c (proc_symkey_enc): Issue new error code. + (proc_encrypted): Ditto. + +2022-04-20 Werner Koch <wk@gnupg.org> + + w32: Do no use Registry item DefaultLogFile for the main tools. + + commit a5faaf8bee43e1e8d99cf3c08fad8ccce047fc28 + * g10/gpg.c (main): Set LOG_NO_REGISTRY. + * sm/gpgsm.c (main): Ditto. + * tools/gpg-connect-agent.c (main): Ditto. + * tools/gpgconf.c (main): Ditto. + (show_other_registry_entries): Print "DefaultLogFile". + +2022-04-14 Werner Koch <wk@gnupg.org> + + gpg: Replace an assert by a log_fatal. + + commit c8c71fc7161bf6b553bc5b45b2f7a06f8a1a4639 + * g10/build-packet.c (do_signature): Use log_fatal. + + scd: Minor code reorganization. + + commit 58532fe56c334d0edc589311e6601fb9da70d9a1 + * scd/ccid-driver.c: Move struct defines to the top. + (MAX_DEVICE): Rename to CCID_MAX_DEVICE. + + scd: Fix memory leak in ccid-driver. + + commit c4b14be48fe9b0f52bca9840375eb0eac3cc2432 + * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count. + +2022-04-13 Werner Koch <wk@gnupg.org> + + scd:p15: Improve the PIN prompt for Genua cards. + + commit e99670f944bc613d258d0810c5831a2099718d4e + * scd/app-p15.c (CARD_PRODUCT_GENUA): New. + (cardproduct2str): Add it. + (read_p15_info): Detect and set GENUA + (make_pin_prompt): Take holder string from the AODF. + + scd:p15: Support for GeNUA cards. + + commit 44ec383cdec06ee4ac8dbe7b913990bbeeb3d3a3 + * scd/app-p15.c (read_p15_info): Disable extended mode for Genua + cards. + + scd:p15: Prepare AODF parsing for other authentication types. + + commit 29fd80581867beeec068b49e8587762394e7d4d1 + * scd/app-p15.c (auth_type_t): New. + (struct aodf_object_s): Add field auth_type. + (read_ef_aodf): Distinguish between pin and authkey types. Include + the authtype in the verbose mode diags. + + scd:p15: Add basic support for AET JCOP cards. 
+ + commit 80cf64c65155f718ed7dcee0e6a2aedbd9a2a5b0 + * scd/app-p15.c (CARD_TYPE_AET): New. + (cardtype2str): Add string. + (card_atr_list): Add corresponding ATR. + (app_local_s): New flag no_extended_mode. Turn two other flags into + bit flags. + (select_ef_by_path): Hack to handle the 3FFF thing. + (readcert_by_cdf): Do not use extended mode for AET. + (app_select_p15): Set no_extended_mode. + --- + (cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47) + +2022-03-29 NIIBE Yutaka <gniibe@fsij.org> + + common,unix: Backport dotlock changes from GnuPG 2.3. + + commit d9a8d3353afd669252e25b56ed92f9fb7c0dcc3d + * common/dotlock.c (read_lockfile): Return FD in R_FD. + (dotlock_take_unix): Fix a race condition by new read_lockfile and + checking with fstat. Describe one race condition in comment. + (dotlock_release_unix): Follow the change of read_lockfile. + +2022-03-28 Werner Koch <wk@gnupg.org> + + dirmngr: Escape more characters in WKD requests. + + commit 3b251c8366cf7ddf5b82fc2331a8009fa1f2de23 + * dirmngr/server.c (proc_wkd_get): Also escape '#' and '+' + +2022-03-22 Werner Koch <wk@gnupg.org> + + gpgtar: New option --with-log. + + commit ce69d55f70a18cfe5cf91353efc00ab43ba8fd8b + * tools/gpgtar.c: New option --with-log. + * tools/gpgtar.h (opt): Add field with_log. + * tools/gpgtar-extract.c (gpgtar_extract): Move directory string + building up. Add option --log-file if needed. + * tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it + is used outside of its scope. + * tools/gpgtar-list.c (gpgtar_list): Ditto. + +2022-03-21 Werner Koch <wk@gnupg.org> + + dirmngr: Make WKD_GET work even for servers not handling SRV RRs. + + commit 6d30fb6940d57237392f9196a4de5c7246ffefdf + * dirmngr/server.c (proc_wkd_get): Take care of DNS server failures + + gpgtar: Finally use a pipe for decryption. + + commit d431feb3077f763e37f824026988a10d87c8a5aa + * tools/gpgtar.h (opt): Add new flags. 
+ * tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and + --require-compliance. + (main): Init signals. + * tools/gpgtar-create.c: Add new header files. + (gpgtar_create): Rework to use a pipe for encryption and signing. + * tools/gpgtar-list.c: Add new header files. + (gpgtar_list): Rework to use a pipe for decryption. + * tools/gpgtar-extract.c: Add new header files. + (gpgtar_extract): Rework to use a pipe for decryption. + +2022-03-18 Werner Koch <wk@gnupg.org> + + gpg: Print info about the used AEAD algorithm. + + commit 15eda7ce783a81d2f5911028a4c8c3ce5649edca + * g10/misc.c (openpgp_cipher_algo_mode_name): New. + * g10/decrypt-data.c (decrypt_data): Use function here. + + common: New function map_static_strings. + + commit c1453665491fb6a16883ee5e1828cfb0c28b466a + * common/mapstrings.c (struct intmapping_s): New. + (map_static_strings): New. + * common/stringhelp.c (do_strconcat): Rename to ... + (vstrconcat): this and make global. + + * common/t-mapstrings.c (test_map_static_strings): New test. + + gpg: Allow decryption of symencr even for non-compliant cipher. + + commit e081a601f7b31fa278e46de7c6834a756b63cec2 + * g10/decrypt-data.c (decrypt_data): Add arg compliance_error. Adjust + all callers. Fail on compliance error only in --require-compliance + mode. Make sure to return an error if the buffer is missing; actually + that should be an assert. + * g10/mainproc.c (proc_encrypted): Delay printing of the compliance + mode status. Consult the compliance error now returned by + decrypt_data. + +2022-03-15 Werner Koch <wk@gnupg.org> + + common: New flags for gnupg_spawn_process. + + commit 7ba44d15ca2f800c402a56eb71bb524f91ea2ffa + * common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New. + (GNUPG_SPAWN_KEEP_STDOUT): New. + (GNUPG_SPAWN_KEEP_STDERR): New. + * common/exechelp-posix.c (do_exec): Add arg flags and implement new + flags. + * common/exechelp-w32.c (gnupg_spawn_process): Implement new flags. 
+ +2022-03-09 Werner Koch <wk@gnupg.org> + + gpgconf: Silence warnings from parsing the options files. + + commit e8b1ab1d2d22f938b3e5991343b7e089d96606a0 + * tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose + flag for the arg parser only in --verbose mode. + +2022-03-09 NIIBE Yutaka <gniibe@fsij.org> + + sm: Fix parsing encrypted data. + + commit 0c7dffe99d3fded41df87512063515b5ca2da820 + * sm/minip12.c (cram_octet_string): Finish when N==0. + (parse_bag_encrypted_data): Support constructed data with multiple + octet strings. + +2022-03-08 Werner Koch <wk@gnupg.org> + + gpgsm: New option --require-compliance. + + commit 847d618454e6f8418b169132dbdd0307d9b4d7e0 + * sm/gpgsm.c (oRequireCompliance): New. + (opts): Add --require-compliance. + (main): Set option. + * sm/gpgsm.h (opt): Add field require_compliance. + (gpgsm_errors_seen): Declare. + * sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant. + * sm/encrypt.c (gpgsm_encrypt): Ditto. + * sm/decrypt.c (gpgsm_decrypt): Ditto. + + gpg: New option --require-compliance. + + commit 17890d43187384d049d80af28a5baea8613ff6ea + * g10/options.h (opt): Add field flags.require_compliance. + * g10/gpg.c (oRequireCompliance): New. + (opts): Add --require-compliance. + (main): Set option. + * g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant. + (check_sig_and_print): Ditto. + * g10/encrypt.c (encrypt_crypt): Ditto. + + gpg: Give Libgcrypt CFLAGS a higher priority than SQlite. + + commit c11292fe736db6e61fad17d74f65b0b5ad9c2808 + * g10/Makefile.am (AM_CFLAGS): Reorder. + +2022-03-04 Werner Koch <wk@gnupg.org> + + gpgtar,w32: Support file names longer than MAX_PATH. + + commit 5492079defab85b1ba2c583e32a8feb752314b2e + * tools/gpgtar.c: Replace assert by log_assert. + * tools/gpgtar-extract.c: Ditto. + (extract_regular): Create files with sysopen flag. + * tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar. + + common,w32: Support file names longer than MAX_PATH in iobuf. 
+ + commit 4122896a39b7ac5dc071bf4d2e9be0ac8a3e21d7 + * common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar. + (any8bitchar): Remove. + +2022-02-24 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + g10: Avoid extra hash contexts when decrypting MDC input. + + commit 9116fd1e9a2da9c83f94acfe41fb6e5c6f03e8d1 + * g10/mainproc.c (mainproc_context): New member + 'seen_pkt_encrypted_mdc'. + (release_list): Clear 'seen_pkt_encrypted_mdc'. + (proc_encrypted): Set 'seen_pkt_encrypted_mdc'. + (have_seen_pkt_encrypted_aead): Rename to... + (have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for + 'seen_pkt_encrypted_mdc'. + (proc_plaintext): Do not enable extra hash contexts when decrypting + MDC input. + +2022-02-21 Werner Koch <wk@gnupg.org> + + scd:p15: Used extended mode already for RSA 2048. + + commit a2db490de5473af42d7b5a99398c48befe294394 + * scd/app-p15.c (do_sign, do_decipher): Replace GT by GE. + +2022-02-17 NIIBE Yutaka <gniibe@fsij.org> + + tests: Remove a test case with "quiet" option with gpgconf. + + commit f064d972e38863358a2dd53de43acd66572830c2 + * tests/openpgp/gpgconf.scm: Remove "quiet" test. + + scd: Use lock_slot for apdu_send_direct. + + commit 3c3765405de02b9a57fdc9a3cf901f6e3aca8586 + * scd/apdu.c (apdu_send_direct): Use lock_slot. + +2022-02-09 Werner Koch <wk@gnupg.org> + + gpgconf: Do not show "quiet" as option. + + commit 2f2130ff24faf4507fa5949e834c155b4a8e1525 + * tools/gpgconf-comp.c: Remove "quiet" and two unsupported options + +2022-02-07 Werner Koch <wk@gnupg.org> + + Release 2.2.34. + + commit 04d40a680baa43f9803d0981b1da49144021d723 + + + dirmngr: Changes to the linking order. + + commit 3c79ff34c417bfc392008eca1970b86bec54d6c3 + * dirmngr/Makefile.am: Tweak library order. + + gpgconf: Make gpgconf --launch dirmngr work again. + + commit 5a7ed6dd8f1b4e3c2e8f6e82700a86bd886c5f50 + * tools/gpgconf.h (gc_component_id_t): Fix the order. + + gpgconf: Print the used code pages on Windows with --show-configs. 
+ + commit 32b364b99b492c580330591640cdaa7407016733 + * tools/gpgconf.c (show_configs): Add some code + + common: Fix creation of Windows socket directories. + + commit 7d1215cb9cba258102b91c92e6973783e8d53b07 + * common/homedir.c (w32_try_mkdir): Remove. + (standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir. + (_gnupg_socketdir_internal): Ditto. + +2022-02-04 Werner Koch <wk@gnupg.org> + + m4: Update our library m4 files from master. + + commit c8cd66ae7e609f221c7dad905e88a206a285ab1c + * m4/gpg-error.m4: Updated + * m4/ksba.m4: Updated + * m4/libassuan.m4: Updated + * m4/libgcrypt.m4: Updated + * m4/npth.m4: Updated + * m4/ntbtls.m4: Updated + +2022-02-03 Werner Koch <wk@gnupg.org> + + dirmngr: Allow building with non-standard ntbtls location. + + commit 137590fd8614a69cc60da3226cefc4495502ec26 + * dirmngr/Makefile.am: Add missing -L and -I + + dirmngr: Simplify --gpgconf-list output. + + commit 0b76ef48e1df4c210d57f3bf4bc1fe1fa3762408 + * dirmngr/dirmngr.c (main): Keep only values with the default flag. + + sm: New option --ignore-cert-with-oid. + + commit bcf446b70ca58ac1497269f047fba9ddb3d62e96 + * sm/gpgsm.c (oIgnoreCertWithOID): New. + (opts): Add option. + (main): Store its value. + * sm/call-agent.c (learn_cb): Test against that list. + +2022-02-02 Werner Koch <wk@gnupg.org> + + gpgconf: Return the compliance_de_vs item. + + commit e058d15d2d56dfed2723e1a55c75e52db87b2dc2 + * tools/gpgconf-comp.c (known_options_gpg): Add missing pseudo option. + +2022-02-01 Werner Koch <wk@gnupg.org> + + dirmngr: Avoid initial delay on the first keyserver access. + + commit dde88897e2c5851aab32370ee6c8ace150debb77 + * dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New. + * dirmngr/server.c (ensure_keyserver): Don't even test for the Tor + proxy in never-use-tor Mode. + + * tools/gpgtar-create.c: Include unistd.h to avoid a warning on + Windows. + + gpg: Set --verbose and clear --quiet in debug mode. 
+ + commit d426ed66ac043e442649a8a2bc7eac6753a5bf58 + * g10/gpg.c (set_debug): Tweak options. + +2022-01-28 Werner Koch <wk@gnupg.org> + + ssh: Fix adding an ed25519 key with a zero length comment. + + commit 2331900d1cc022c04177272a51c00690229bb989 + * agent/command-ssh.c (sexp_key_construct): Do not put an empty string + into an S-expression. + (stream_read_string): Do not not try to a read a zero length block. + +2022-01-27 Werner Koch <wk@gnupg.org> + + gpgconf: Tweak the use of ldapserver. + + commit e1fc053dc1ad260922428cf864071e829e6c30f2 + * tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver" + invisible. + (known_options_dirmngr): Add "ldapserver". + * sm/gpgsm.c (oKeyServer_deprecated): New. + (opts): Assign "ldapserver" to the new option and makr it as obsolete. + +2022-01-26 Werner Koch <wk@gnupg.org> + + gpgconf: Some more fixes for the backported stuff. + + commit eefa2d19ee3f359435f0e5324cb5f10f2d8940a5 + * agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which + have a default. Remove runtime flag. + * common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ... + * tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf. + (known_options_gpg_agent): Add a few missing runtime flags. Remove + "options". Add "check-sym-passphrase-pattern". + (known_options_scdaemon, known_options_gpgsm): Remove "options". + (dirmngr): Ditto. + + * tools/gpgconf-comp.c (is_known_option): Return only options having a + value for name. Thus we list list options from the known_options + tables. + + gpgconf: Fix --list-options for forced options. + + commit 85300587cc8a115c96e812850762090f937ade9b + * tools/gpgconf-comp.c: Remove assert.h and replace all assert calls + by log_assert. + (known_options_gpg): Add "keyserver" as invisible. Remove "options". + (known_pseudo_options_gpg, known_pseudo_options_gpgsm): New. + (gc_component): Add field known_pseudo_options. + (struct read_line_wrapper_parm_s): New. + (read_line_wrapper): New. 
+ (retrieve_options_from_program): Use read_line_wrapper to handle + pseudo options. + (retrieve_options_from_program): Ignore to be ignored options. Add + failsafe code to avoid calling percent_escape with NULL. + +2022-01-25 Werner Koch <wk@gnupg.org> + + common: Fix returning of option attributes for options with args. + + commit d8e6d1e9ed7d181f546426269ab7b04e184bb9a1 + * common/argparse.c (gnupg_argparse): Set attribute flags + + scd: Also prefer Yubikeys if no reader port is given. + + commit 38c666ec3fdb0e3a8762889ae99faca4adb68b68 + * scd/apdu.c (select_a_reader): Extend the white list. + +2022-01-17 NIIBE Yutaka <gniibe@fsij.org> + + gpg: Fix adding the list of ultimate trusted keys. + + commit 4cc724639c012215f59648cbb4b7631b9d352e36 + * g10/keygen.c (do_generate_keypair): Remove call to + register_trusted_keyid for updating user_utk_list. + * g10/trust.c (register_trusted_keyid): Remove. + (update_ownertrust): Add call to tdb_update_utk. + * g10/trustdb.c (tdb_register_trusted_keyid): Make it internal + function by adding "static" qualifier. + Replace calls of register_trusted_keyid to tdb_register_trusted_keyid. + (tdb_update_utk): New. + * g10/trustdb.h (tdb_update_utk): New. + +2022-01-12 Werner Koch <wk@gnupg.org> + + gpgconf: Add command aliases -L -K -R. + + commit f16c535eee912224a44b5999df7915c69f2d41bc + * tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts. + + common,w32: Improve HKCU->HKLM fallback. + + commit 96db487a4da5903b71c64edf7a0ee9c2e01a8762 + * common/w32-reg.c (read_w32_registry_string): Add another fallback. + +2022-01-10 Werner Koch <wk@gnupg.org> + + gpgtar: List and extract using extended headers. + + commit bf4cf04a54bb2aa34afdf1d3c814ca4e185bacc8 + * tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New. + * tools/gpgtar-list.c (parse_header): Set the new type flags. + (parse_extended_header): New. + (read_header): Add arg r_extheader and parse extended header. + (print_header): Consult the extended header. 
+ (gpgtar_list): Pass an extended header object. + (gpgtar_read_header): Ditto. + (gpgtar_print_header): Ditto. + * tools/gpgtar-extract.c (extract): New arg exthdr and factor name + checking out to ... + (check_suspicious_name): new. + (extract_regular): Add arg exthdr and consult it. + (extract_directory): Likewise. + (gpgtar_extract): Provide extheader object. + + gpgtar: Create extended header for long file names. + + commit ec69ceab2615758e88c52a1d30c4731b3e71b105 + * tools/gpgtar-create.c (global_header_count): new. + (myreadlink): New. + (build_header): New arg r_exthdr. Detect and store long file and link + names. Factor checkum computation out to ... + (compute_checksum): new. + (add_extended_header_record): New. + (write_extended_header): New. + (write_file): Write extended header. + +2021-12-30 Werner Koch <wk@gnupg.org> + + build: Fixes recent commits to still build with gpgrt 1.27. + + commit c4153f7021afafe9ce4459aa08857136b394cce7 + * agent/gpg-agent.c (main): Use gnupg_argparse. + * tools/gpgconf-comp.c: Use gnupg_opt_t. + * tools/gpgconf.c (show_version_gnupg): Use strusage. + + gpgconf: Do not list ignored options and mark forced options as r/o. + + commit c69c51bce0f07bf1becdb944a422bdc563705dae + * tools/gpgconf-comp.c (list_one_option): Skip ignored options and set + the no_change flag for forced options. + (retrieve_options_from_program): Put the attributes into the option + table. + +2021-12-29 Werner Koch <wk@gnupg.org> + + gpg: Re-group the options in the --help output. + + commit f7bde071ccc8583b58ddaafa42e997e9202b041f + * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to + use ARGPARSE_ignore and remove the code in the option switch. + + agent: Re-group the options in the --help output. + + commit 7e535503a9c637007a933a77e4bc674c8fb6dfea + * agent/gpg-agent.c (oGreeting): Remove non existant dummy option. + + gpgconf: Take care of --homedir when reading/updating options. 
+ + commit 5934027115239cb7b39659f14f7a1dfecada6b76 + * tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var. + (scdaemon_runtime_change): Ditto. + (dirmngr_runtime_change): Ditto. + (gc_component_check_options): Pass --homedir if needed. + (retrieve_options_from_program): Take care of --homedir. + + gpgconf: Rewrite the gpgconf-comp module. + + commit 7a3a1ef3707194e1086c452d005319c519905d3e + * tools/gpgconf.h (gc_component_t): Change type to ... + (gc_component_id_t): this. + (GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c + directly. + * tools/gpgconf-comp.c: Major rework. + + gpgconf: Support reading global options (part 2). + + commit 5f890f417f135e237074c8a454e6a73e66d7b78d + * tools/gpgconf-comp.c: Remove all regular option descriptions. They + are now read in from the component. Also remove a few meanwhile + obsolete options. + * agent/gpg-agent.c: Add option description which were only set in + gpgconf-comp.c. + * dirmngr/dirmngr.c: Ditto. + * scd/scdaemon.c: Ditto. + * sm/gpgsm.c: Ditto. + * g10/gpg.c: Ditto. + + gpgconf: Support reading global options (part 1). + + commit 7397872445d6d2b8c9ef25e0108e603baa5478de + * tools/gpgconf.c (main): Set the config directories. + * tools/gpgconf-comp.c (gc_backend): Change the name of the config + files. + (struct gc_option): Add new field 'attr'. + (retrieve_options_from_program): Rewrite to use gpgrt_argparser. + + common: New function xreallocarray. + + commit f0d034ebf4fc299c2a6097248f51c329e65d2976 + * common/miscellaneous.c (gnupg_reallocarray): New. + (xreallocarray): New. + +2021-12-13 Werner Koch <wk@gnupg.org> + + common,w32: Sync read_w32_registry_string with the gpgrt version. + + commit 1af559a9a24fd930094ab7b466ed051cdbc66f99 + * common/w32-reg.c (get_root_key): Add short version of the root + classes. + +2021-12-07 NIIBE Yutaka <gniibe@fsij.org> + + gpg: Accept Ed25519 private key in SOS which reserves leading zeros. 
+ + commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830 + * g10/parse-packet.c (sos_read): Backport from 2.3. + (parse_key): Use sos_read for Ed25519 private key. + +2021-11-23 Werner Koch <wk@gnupg.org> + + Release 2.2.33. + + commit 457f6ac1ef6d61ffcc336683a85ffeed3114ae63 + + +2021-11-23 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 007fea8ce9af97f36b48253c6be764dcd35fdd9e + + +2021-11-22 Werner Koch <wk@gnupg.org> + + gpg: New option --forbid-gen-key. + + commit 985fb25c46eafc811e7a07597591ede0cf89a921 + * g10/gpg.c (oForbidGenKey, opts): New option. + (mopt): New local struct + (gen_key_forbidden): New. + (main): Set and handle the option. + +2021-11-19 Werner Koch <wk@gnupg.org> + + gpgconf: Include output of --list-dirs in --show-configs. + + commit 40d2c931652777509aba35d48b5d193a7e208780 + * tools/gpgconf.c (list_dirs): Add arg special. + (show_other_registry_entries): Print the Homedir. + (show_configs): List directories. + +2021-11-18 Werner Koch <wk@gnupg.org> + + gpgconf: --show-configs now prints a bunch of Registry entries. + + commit 7f31891ab1e51c00dd42232d3c286df519c2cdb8 + * tools/gpgconf.c (show_other_registry_entries): New. + (show_configs): Call it. Minor reformatting. + + gpgconf: Extend --show-config to show envvars. + + commit 58652f4c0b3a5e9fb6de54d802173bc52c798134 + * tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain + things. + (show_configs_one_file): New arg LISTP to be passed thru. + (show_configs): Show envars and regisiry values. + + common,w32: New function read_w32_reg_string. + + commit 6c6c404883e52545ed38293384c95fdacb7227c4 + * common/w32-reg.c (read_w32_reg_string): New. + + * common/t-w32-reg.c (test_read_registry): Add another test. + + gpg,gpgsm: Add option --min-rsa-length. + + commit 6ee01c1d26cae0415a3eec7f067cff7c324cb9c1 + * common/compliance.c (min_compliant_rsa_length): New. + (gnupg_pk_is_compliant): Take in account. + (gnupg_pk_is_allowed): Ditto. 
+ (gnupg_set_compliance_extra_info): New. + * g10/gpg.c (oMinRSALength): New. + (opts): Add --min-rsa-length. + (main): Set value. + * g10/options.h (opt): Add field min_rsa_length. + * sm/gpgsm.c (oMinRSALength): New. + (opts): Add --min-rsa-length. + (main): Set value. + * sm/gpgsm.h (opt): Add field min_rsa_length. + +2021-11-15 Werner Koch <wk@gnupg.org> + + sm: Detect circular chains in --list-chain. + + commit c9343bec83e2c2a14b564b8a13998806eab1ae9f + * sm/keylist.c (list_cert_chain): Break loop for a too long chain. + +2021-11-15 NIIBE Yutaka <gniibe@fsij.org> + Klas Lindfors + + scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE. + + commit b6b735edab036e4992872ef3d44b357fb9281ca8 + * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. + +2021-11-14 Ingo Klöcker <dev@ingo-kloecker.de> + + build: Fix several "include file not found" problems. + + commit 027e34235bc576e1523566bf98b2b795d3dc7967 + * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS. + * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add + NPTH_CFLAGS. + * tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS, + gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS. + +2021-11-14 Werner Koch <wk@gnupg.org> + + agent: Print the non-option warning earlier. + + commit a43efc9294d158c62a3a04396fa3fe6c77090ba8 + * agent/gpg-agent.c (main): Move detection up. + +2021-11-13 Werner Koch <wk@gnupg.org> + + gpg: Remove stale ultimately trusted keys from the trustdb. + + commit bc6d56282ec998e4b2d13c522316348b5058fc3f + * g10/tdbdump.c (export_ownertrust): Skip records marked with the + option --trusted-key. + (import_ownertrust): Clear the trusted-key flag. + * g10/tdbio.h (struct trust_record): Add field flags. + * g10/tdbio.c (tdbio_dump_record): Improve output. + (tdbio_read_record, tdbio_write_record): Handle flags. + * g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set + the flag for new --trusted-keys. 
+ (tdb_update_ownertrust): Add arg as_trusted_key. Update callers. + + gpgconf: New command --show-configs. + + commit 8fe3f57643479b8cb2e9e10fa2069c415c47d0af + * tools/gpgconf.c (aShowConfigs): New. + (opts): Add --show-configs. + (CUTLINE_FMT): New. + (show_version_gnupg): Add arg "prefix" and adjust caller. + (my_copy_file): New. + (show_configs_one_file): New.New. + (show_configs): New. + (main): Call show_configs. + + agent,dirmngr: New option --steal-socket. + + commit 6507c6ab101e61fc5a3472497d258a0109257a47 + * agent/gpg-agent.c (oStealSocket): New. + (opts): Add option. + (steal_socket): New file global var. + (main): Set option. + (create_server_socket): Implement option. + + * dirmngr/dirmngr.c (oStealSocket): New. + (opts): Add option. + (steal_socket): New file global var. + (main): Set option. Add comment to eventually implement it. + +2021-11-10 NIIBE Yutaka <gniibe@fsij.org> + + scd: More conservative selection of a card reader. + + commit 0982c6cb19da689ae84ad25b6db12bf30ac75030 + * scd/apdu.c (select_a_reader): Only SPRx32 is in the white list. + +2021-11-09 Bernhard M. Wiedemann <bwiedemann@suse.de> + + wks: Do not mark key files as executable. + + commit 46ada6a9bd83daa9e5f064adfea1bb6ccdba5dcb + + + wks: Allow access to newly created dirs. + + commit f54feb44700062fd3f4ca2d5e6d4e203e74d94ea + + +2021-11-02 Werner Koch <wk@gnupg.org> + + common: Support MYPROC_SELF_EXE for Solaris. + + commit 006131f6289cd0e03a470c77795ad50a4bf9e269 + * common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS. + + common: Silence warning from unix_rootdir on systems w/o /proc. + + commit bcd8f0239dfc36f99fbbb8ee309828ccee8974c0 + * common/homedir.c (unix_rootdir): Silence diagnostic in the common + case. + (MYPROC_SELF_EXE): Support NetBSD. + +2021-11-02 Ingo Klöcker <dev@ingo-kloecker.de> + + common: Respect gpgconf.ctl when looking up translations. 
+ + commit 947fedf0e7d95571abd039e827c401ebc64a8abb + * common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR. + (i18n_localegettext): Ditto. + * tools/gpgconf-comp.c (my_dgettext): Ditto. + +2021-11-02 Werner Koch <wk@gnupg.org> + + common: Support gpgconf.ctl also for BSDs. + + commit 49d589c409cc1813a48fecaf3fb5772e6febe281 + * common/homedir.c (MYPROC_SELF_EXE): New. + (unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as + fallback. + + common: Add keyword sysconfdir to the optional gpgconf.ctl file. + + commit 3828dd7a4067db2911caebde324053b4e354a486 + * common/homedir.c (unix_rootdir): Add arg want_sysconfdir. + (gnupg_sysconfdir): Return it. + + common: Support a gpgconf.ctl file under Unix. + + commit 82328165cf4be4771674b703c1e15178f87530e2 + * common/homedir.c (unix_rootdir): New. + (gnupg_bindir): Use it. + (gnupg_libexecdir): Use it. + (gnupg_libdir): Use it. + (gnupg_datadir): Use it. + (gnupg_localedir): Use it. + + common: New function substitute_envvars. + + commit f0162afb6b6f8ac1a993452643d8cb64fb3f2953 + * common/stringhelp.c (substitute_envvars): New. Based on code in + gpg-connect-agent. + * common/t-stringhelp.c: Include sysutils.h. + (test_substitute_envvars): New. + + common,w32: Do not always print "Garbled console data" warning. + + commit a756a61f19ce44958f93757894f65b09cebd484a + * common/init.c (_init_common_subsystems): Silence message. + +2021-11-02 NIIBE Yutaka <gniibe@fsij.org> + + dns: Make reading resolv.conf more robust. + + commit 152f0281552f6a8e4bc082f3aaeec17c84001cfe + * dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which + begins with '.'. + +2021-10-22 Werner Koch <wk@gnupg.org> + + gpg: Fix printing of binary notations. + + commit 918e9218002b2b0d455a8df86a63c9187cf6fdf4 + * g10/keylist.c (show_notation): Print binary notation from BDAT. + + gpgconf: create local option file even if a global file exists. 
+ + commit 5e3eea4b738cc3e8e257635b7cb53dcf43c07f79 + * tools/gpgconf-comp.c (munge_config_filename): New. + (change_options_program): Call it. + +2021-10-22 NIIBE Yutaka <gniibe@fsij.org> + + scd: Select a reader for PC/SC. + + commit 752422a792cecf459b37f517d634bcf272292b14 + * scd/apdu.c (select_a_reader): New. + (open_pcsc_reader): Use select_a_reader. + +2021-10-13 Werner Koch <wk@gnupg.org> + + gpg: New option --override-compliance-check. + + commit 773b8fbbe915449c723302f5268d7906b40d84d3 + * g10/gpg.c (oOverrideComplianceCheck): New. + (opts): Add new option. + (main): Set option and add check for batch mode. + * g10/options.h (opt): Add flags.override_compliance_check. + + * g10/sig-check.c (check_signature2): Factor complaince checking out + to ... + (check_key_verify_compliance): new. Turn error into a warning in + override mode. + +2021-10-06 Werner Koch <wk@gnupg.org> + + Release 2.2.32. + + commit 476096099db9ea3f66581fa3ca8724291e3a5c80 + + +2021-10-06 NIIBE Yutaka <gniibe@fsij.org> + + gpg: Skip the packet when not used for AEAD. + + commit a17f1b607473f5aae081ffe22381dda2b54a7a6a + * g10/free-packet.c (free_packet): Add the case for case + PKT_ENCRYPTED_AEAD. + +2021-10-06 Werner Koch <wk@gnupg.org> + + dirmngr: New option --ignore-cert. + + commit 323a20399d905e8ae1cc0d71846c298116460464 + * dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen. + (opt): Add field ignored_certs. + * dirmngr/dirmngr.c: Add option --ignore-cert + (parse_rereadable_options): Handle that option. + (parse_ocsp_signer): Rename to ... + (parse_fingerprint_item): this and add two args. + * dirmngr/certcache.c (put_cert): Ignore all to be igored certs. + Change callers to handle the new error return. + + dirmngr: Fix Let's Encrypt certificate chain validation. + + commit 341ab0123a8fa386565ecf13f6462a73a137e6a4 + * dirmngr/certcache.c (find_cert_bysubject): Return the first trusted + certififcate if any. 
+ +2021-09-15 Werner Koch <wk@gnupg.org> + + Release 2.2.31. + + commit ecf4c2f611238799a3af6369a64e418a77ab9dd6 + + +2021-09-14 Werner Koch <wk@gnupg.org> + + scd: Remove context reference counting from pc/sc. + + commit 67e1834ad402e86906429ba0e2bf7ebd72de2450 + * scd/apdu.c (pcsc): Add flag context_valid, remove count. + (close_pcsc_reader): Use new flag instead of looking at magic context + value. + (pcsc_init): Set new flag. + (open_pcsc_reader): Use new flag. + (apdu_init): Clear new flag. + + * scd/apdu.c: Remove assert.h. Replace all assert by log_assert. + +2021-09-13 Werner Koch <wk@gnupg.org> + + common: New envvar GNUPG_EXEC_DEBUG_FLAGS. + + commit 117afec018911a3b0187f15c8559f811a72ddb79 + * common/exechelp-w32.c (gnupg_spawn_process_detached): Silence + breakaway messages and turn them again into debug messages. + +2021-09-08 Werner Koch <wk@gnupg.org> + + scd: Support PC/SC for "getinfo reader_list". + + commit f32994b0bf07d62bf596cc8bb6ec3c3a5f133ac4 + * scd/apdu.c: Include membuf.h. + (pcsc): Add reader_list field. + (open_pcsc_reader): Fill that field. + (apdu_get_reader_list): New. + * scd/command.c: Remove header ccid-driver.h. + (pretty_assuan_send_data): New. + (cmd_getinfo): Print all reader names. + +2021-09-07 Werner Koch <wk@gnupg.org> + + scd: Fix possible assertion in close_pcsc_reader. + + commit 192113552faa98f40cc91fe014ec55861474626c + * scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is + invalid. + (open_pcsc_reader): Compare the context against -1 which is our + indicator for an invalid context. + + agent: Fix segv in GET_PASSPHRASE (regression) + + commit 4b2cfec2dc2fd524a4fed6c17bb11e6a7baf15f2 + * agent/command.c (cmd_get_passphrase): Do not deref PI. PI is always + NULL. + +2021-08-27 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix put_membuf. + + commit 7e431e009e479e63f0996a612e12fb9d8b209ab9 + * common/membuf.c (put_membuf): Allow NULL for the second arg. + + build: Fix removal of AC_TYPE_SIGNAL. 
+ + commit 0ca84cbdf0a5a956f4de80f874f8a3b495cfab20 + * configure.ac: AC_TYPE_SIGNAL is still needed. + + common: Fix get_signal_name for GNU/Linux. + + commit d5f9481186eaf2ff28d7ab04fd36f0bbd1c9714d + * common/signal.c (get_signal_name): Use sigdescr_np if available. + * configure.ac: Check the function. + +2021-08-26 Werner Koch <wk@gnupg.org> + + Release 2.2.30. + + commit d583e750a668f82bdaa1d0f7c4ffc68c35ed4ca6 + + +2021-08-20 Werner Koch <wk@gnupg.org> + + wkd: Properly unescape the user-id from a key listing. + + commit 2b65f4e953806977490b11cb4739c22ab94e0030 + * tools/wks-util.c (append_to_uidinfo_list): Unescape UID. + + common: New function decode_c_string. + + commit 17e2ec488f662059df0fd2d3b777aa51eab5c0cc + * common/miscellaneous.c (decode_c_string): New. + + agent: Use the sysconfdir for a pattern file. + + commit 5ed8e598faaffa9aec43fc70199ed7f57560c2ba + * agent/genkey.c (do_check_passphrase_pattern): Use make_filename. + + agent: Ignore passphrase constraints for a generated passphrase. + + commit db5dc7a91af3774cfbce0bc533e0f0b5498402fe + * agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. + (MAX_GENPIN_TRIES): Remove. + * agent/call-pinentry.c (struct entry_parm_s): + (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. + (is_generated_pin): New. + (inq_cb): Suppress constraints checking for a generated passphrase. + No more need for several tries to generate the passphrase. + (do_getpin): Store a generated passphrase/pin in the status field. + (agent_askpin): Suppress constraints checking for a generated + passphrase. + (agent_get_passphrase): Ditto. + * agent/command.c (cmd_get_passphrase): Ditto. + + wkd: Fix client issue with leading or trailing spaces in user-ids. + + commit 576e429d41a144ff4f0c00e8722da2f92ae17d9a + * common/recsel.c (recsel_parse_expr): Add flag -t. + * common/stringhelp.c (strtokenize): Factor code out to + do_strtokenize. + (strtokenize_nt): New. 
+ (do_strtokenize): Add arg trim to support the strtokenize_nt. + * common/t-stringhelp.c (test_strtokenize_nt): New test cases. + + * tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel + flag -t. + + gpg: Return SUCCESS/FAILURE status also for --card-edit/name. + + commit 6685696adafba104072303507dedbbd45731d326 + * g10/card-util.c (change_name): Call write_sc_op_status. + +2021-08-18 Werner Koch <wk@gnupg.org> + + agent: Improve the GENPIN callback. + + commit 2e69ce878f893de0830317f94c51fdce70e1e540 + * agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ... + (DEFAULT_GENPIN_BITS): this and increase to 150. + (generate_pin): Make sure that we use at least 128 bits. + + agent: Fix for zero length help string in pinentry hints. + + commit 4855888c0a56a50be6085476f5767d0c62722f2d + * agent/call-pinentry.c: Remove unused assert.h. + (inq_cb): Fix use use of assuan_end_confidential in case of nested + use. + (do_getpin): Ditto. + (setup_formatted_passphrase): Escape the help string. + (setup_enforced_constraints): Ignore empty help strings. + + common,w32: Replace log_debug by log_info for InProcessJobs. + + commit ec2f1b38980a1b60624a35707ccebb05c5524d2f + * common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info. + +2021-08-17 Werner Koch <wk@gnupg.org> + + w32: Move socketdir to LOCAL_APPDATA. + + commit 4dfa951a0a631d5e0e44ff5fb8fb74adb651190c + * common/homedir.c (is_gnupg_default_homedir): Use standard_homedir + instead of the constant which makes a difference on Windows. + (_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA. + (gnupg_cachedir): Remove unsued function. + + * common/sysutils.c (gnupg_rmdir): New. + * tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/. + + gpgconf,w32: Print more registry diagnostics with --list-dirs. + + commit 013f2e4672b1565002700e307d3bb95d9352c4d5 + * tools/gpgconf.c (list_dirs): Figure out classes with the key. + + agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient. 
+ + commit 455ba49071dea7588c9de11785b3092e45e4560b + * agent/call-pinentry.c (atfork_core): Pass DISPLAY. + + agent: New option --check-sym-passphrase-pattern. + + commit c6a4a660fdb977713a1e6c0dd4dae97ddffbe376 + * agent/gpg-agent.c (oCheckSymPassphrasePattern): New. + (opts): Add --check-sym-passphrase-pattern. + (parse_rereadable_options): Set option. + (main): Return option info. + * tools/gpgconf-comp.c: Add new option. + * agent/agent.h (opt): Add var check_sym_passphrase_pattern. + (struct pin_entry_info_s): Add var constraints_flags. + (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. + (CHECK_CONSTRAINTS_NEW_SYMKEY): New. + * agent/genkey.c (check_passphrase_pattern): Rename to ... + (do_check_passphrase_pattern): this to make code reading + easier. Handle the --check-sym-passphrase-pattern option. + (check_passphrase_constraints): Replace arg no_empty by a generic + flags arg. Also handle --check-sym-passphrase-pattern here. + * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass + CHECK_CONSTRAINTS_NEW_SYMKEY flag. + * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. + (struct inq_cb_parm_s): New. + (inq_cb): Use new struct for parameter passing. Pass flags to teh + constraints checking. + (do_getpin): Pass constraints flag down. + (agent_askpin): Take constraints flag from the supplied pinentry + struct. + +2021-08-17 Ingo Klöcker <dev@ingo-kloecker.de> + + agent: Add checkpin inquiry for pinentry. + + commit 9832566e4512ab7cb90aa0b7f769792f5c123ed4 + * agent/call-pinentry.c: Include zb32. + (MAX_GENPIN_TRIES): New. + (DEFAULT_GENPIN_BYTES): New. + (generate_pin): New. + (setup_genpin): New. + (inq_quality): Rename to ... + (inq_cb): this. Handle checkpin inquiry. + (setup_enforced_constraints): New. + (agent_get_passphrase): Call sertup_genpin. Call + setup_enforced_constraints if new passphrase is requested. 
+ +2021-08-16 Ingo Klöcker <dev@ingo-kloecker.de> + + agent: New option --pinentry-formatted-passphrase. + + commit 32fbdddf8b4729d9a54a7751c0b5e406a470657f + * agent/agent.h (opt): Add field pinentry_formatted_passphrase. + * agent/call-pinentry.c (setup_formatted_passphrase): New. + (agent_get_passphrase): Pass option to pinentry. + * agent/gpg-agent.c (oPinentryFormattedPassphrase): New. + (opts): Add option. + (parse_rereadable_options): Set option. + + common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry. + + commit 8fff61de9433e9293712a1dd21dfbe12f951eff9 + * common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and + QT_QPA_PLATFORM. + +2021-08-16 Werner Koch <wk@gnupg.org> + + tools: Extend gpg-check-pattern. + + commit 5ca15e58b241901cc46fd9fad4db3bbb9e321988 + * tools/gpg-check-pattern.c: Major rewrite. + +2021-07-04 Werner Koch <wk@gnupg.org> + + Release 2.2.29. + + commit 695a879af81e895741109874b9ac0712e1afc994 + + +2021-06-25 Werner Koch <wk@gnupg.org> + + dirmngr: Change the default keyserver. + + commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1 + * configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to + keyserver.ubuntu.com. + + * dirmngr/certcache.c (cert_cache_init): Disable default pool cert. + * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. + * dirmngr/http.c (http_session_new): Ditto. + + * dirmngr/server.c (make_keyserver_item): Use a different mapping for + the gnupg.net names. + + gpg: Let --fetch-key return an exit code on failure. + + commit 5fe4b978875271fb55f1f674ab545bed2b97a7a8 + * g10/keyserver.c (keyserver_fetch): Return an error code. + * g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data. + +2021-06-23 NIIBE Yutaka <gniibe@fsij.org> + + scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer. + + commit b90c55fa66db254da98958de10e1287c39a4322a + * scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW. + + scd:ccid:spr532: Extend abort_cmd for initialization time. 
+ + commit 8e941e19b08785e5e709943765548d4f9f9f57a3 + * scd/ccid-driver.c (abort_cmd): Add INIT argument to support + synchronize until success, even ignoring timeout. + (bulk_in): Normal use case of abort_cmd. + (ccid_vendor_specific_init): Initial use case of abort_cmd. + +2021-06-22 Werner Koch <wk@gnupg.org> + + tests: Cope with broken Libgcrypt versions. + + commit af2fd9f0af25e1f95d9484f7d2125cd9888aa308 + * common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve + errors. + + w32: Add fallback in case the Windows console can't cope with Unicode. + + commit e94dfa21d2c17b590122d55468f68e8ab72e4193 + * common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on + error. + +2021-06-21 Werner Koch <wk@gnupg.org> + + dirmngr: Fix regression in KS_GET for mail address pattern. + + commit adf7bfba5ddce9faadff959369ba2271cdd36825 + * dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern. + (ks_hkp_get): Allow for mail addresses. + - + + Before the keyserver changes in 2.2.28 gpg passed dirmngr a pail + address as an exact pattern (e.g. "=foo@example.org"). Since 2.2.28 + the mail address is detected gpg gpg and we see for example + "<foo@example.org>". This patch fixes this to turn a mail address + into an exact match again. + +2021-06-14 NIIBE Yutaka <gniibe@fsij.org> + + scd: Error code map fix for older Yubikey. + + commit 01a413d5235f1bbd00f83fb86d0e183d8f0b1a57 + * scd/iso7816.c (map_sw): Recognize 6A86. + +2021-06-11 NIIBE Yutaka <gniibe@fsij.org> + + dirmngir: Fix build with --disable-ldap. + + commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083 + * dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]: + Conditionalize. + + dirmngr: Remove use of USE_LDAPWRAPPER. + + commit 8ee4c8d1e0d7677d4f8b9538c12b32bb6393c2c5 + * configure.ac (USE_LDAPWRAPPER): Remove. + * dirmngr/Makefile.am: Use USE_LDAP instead of USE_LDAPWRAPPER. + * dirmngr/ldap-wrapper-ce.c: Remove. 
+ * dirmngr/ldap-wrapper.h, dirmngr/ldap-wrapper.c: Remove + USE_LDAPWRAPPER things. + +2021-06-10 Werner Koch <wk@gnupg.org> + + Release 2.2.28. + + commit 9f6076868ecd313e832c112ea79cfcffed3dc342 + + + gpg: Partial fix for Unicode problem in output files. + + commit 845711d1420cc01289c15ba49deb03200a5cd102 + * g10/openfile.c (overwrite_filep): Use gnupg_access. + + scd: Fix serial number detection for Yubikey 5. + + commit c2f02797cdefdce5afd8b29bb8e51d4515a70a96 + * scd/app.c (app_new_register): Handle serial number correctly. + +2021-06-09 Werner Koch <wk@gnupg.org> + + gpgtar,w32: Fix file size computation. + + commit 198b240b195596974e8b61e2b79fb6e8dc78f89a + * tools/gpgtar-create.c (fillup_entry_w32): Move parentheses. + + sm: New option --ldapserver as an alias for --keyserver. + + commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093 + * sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an + alias. + + dirmngr: Allow to pass no filter args to dirmngr_ldap. + + commit f6e45671aa26f3e7abb968a876de7bbdb4fca3f1 + * dirmngr/dirmngr_ldap.c (main): Handle no args case. + +2021-06-08 Werner Koch <wk@gnupg.org> + + w32: Change spawn functions to use Unicode version of CreateProcess. + + commit 7a98e45e74ec2883c24689964d6119796da0969f + * common/exechelp-w32.c (gnupg_spawn_process): Change to use + CreateProcessW. + (gnupg_spawn_process_fd): Ditto. + (gnupg_spawn_process_detached): Ditto. + * g10/exec.c (w32_system): Ditto. + +2021-06-08 Andre Heinecke <aheinecke@gnupg.org> + + common,w32: Breakaway detached childs when in job. + + commit f20e9a464487443552b6cbdf918c6448d3cb643f + * common/exechelp-w32.c (gnupg_spawn_process_detached): Add + CREATE_BREAKAWAY_FROM_JOB creation flag if required. + +2021-06-08 Werner Koch <wk@gnupg.org> + + w32: Always use Unicode for console input and output. + + commit b912f07cdf00043b97fca54e4113fab277726e03 + * common/init.c (_init_common_subsystems) [W32]: Set the codepage to + UTF-8 for input and putput. 
Switch gettext to UTF-8. + * g10/gpg.c (utf8_strings) [W32]: Make sure this is always set. + + w32: Free memory allocated by new function w32_write_console. + + commit ebdb62a98a6e917bafb795b5f50483a95790e739 + * common/ttyio.c (w32_write_console): Free buffer. + + common,w32: Allow Unicode input and output with the console. + + commit 90aadf69f730ff1bd053abcd6cc8bc67518ecf4b + * common/ttyio.c (do_get) [W32]: Use ReadConsoleW. + (w32_write_console): New. + (tty_printf, tty_fprintf) [W32]: Use new function. + + common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support. + + commit 521e176a605e6b6229825761906005b05608daf5 + * common/ttyio.c: Remove cruft like EMX and RISCOS support. Translate + a few strings. Re-indent. + + common: Rename w32-misc.c to w32-cmdline.c. + + commit d7d9a5ba3cbf9cf7e22a8871474032b525825eed + * common/w32-misc.c: Rename to .... + * common/w32-cmdline.c: this. + * common/Makefile.am: Adjust. + + common,w32: Implement globing of command line args. + + commit 09f49b4c9aae46c40a189b1270e215bc978dbc3c + * common/w32-misc.c [W32]: Include windows.h + (struct add_arg_s): New. + (add_arg): New. + (glob_arg): New. + (parse_cmdstring): Add arg argvflags and set it. + (w32_parse_commandline): Add arg r_itemsalloced. Add globing. + + * common/init.c (prepare_w32_commandline): Mark glob created items as + leaked. + + * common/t-w32-cmdline.c : Include windows.h + (test_all): Add simple glob test for Unix. + (main): Add manual test mode for Windows. + + * common/xasprintf.c (xtryreallocarray): New. + + common,w32: Refine the command line parsing for \ in quotes. + + commit 4d6807b215e7541fd52caf7e4adc40d77670f99f + * common/t-w32-cmdline.c (test_all): Add new test cases. + * common/w32-misc.c (strip_one_arg): Add arg endquote. + (parse_cmdstring): Take care of backslashes in quotes. + + common: First take on handling Unicode command line args. + + commit 90ddd1cf13cd6bb88d5bb8c1846d7297ca8ac81c + * common/w32-misc.c: New. 
+ * common/t-w32-cmdline.c: New. + * common/init.c: Include w32help.h. + (prepare_w32_commandline): New. + (_init_common_subsystems) [W32]: Call prepare_w32_commandline. + + * common/Makefile.am (common_sources) [W32]: Add w32-misc.c + (module_tests): Add t-w32-cmdline + (t_w32_cmdline_LDADD): New. + + gpg: Prepare for globing with UTF-8. + + commit 1f59c4c8e2cfa2b111f0798212546864668383f9 + * g10/gpg.c (_dowildcard): Remove. + (my_strusage): Enable wildcards using our new system. + + dirmngr: Rewrite the LDAP wrapper tool. + + commit 39815c023f0371dea01f7c51469b19c06ad18718 + * dirmngr/ldap-misc.c: New. + * dirmngr/ldap-misc.h: New. + * dirmngr/ks-engine-ldap.c: Include ldap-misc.h. + (ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c. + * dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug + mode. + * dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND + the saqme as GPG_ERR_NO_DATA. + * dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds. + Remove arg url. Adjust for changes in dirmngr_ldap. + (url_fetch_ldap): Remove args host and port. Parse the URL and use + these values to call run_ldap_wrapper. + (attr_fetch_ldap): Pass tls flags to run_ldap_wrapper. + (rfc2254_need_escape, rfc2254_escape): New. + (extfilt_need_escape, extfilt_escape): New. + (parse_one_pattern): Rename to ... + (make_one_filter): this. Change for new dirmngr_ldap calling + convention. Make issuer DN searching partly work. + (escape4url, make_url): Remove. + (start_cert_fetch_ldap): Change for new dirmngr_ldap calling + convention. + * dirmngr/dirmngr_ldap.c: Major rewrite. + + * dirmngr/t-ldap-misc.c: New. + * dirmngr/t-support.h (DIM, DIMof): New. + * dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c + (module_tests) [USE_LDAP]: Add t-ldap-misc. + (t_ldap_parse_uri_SOURCES): Ditto. + (t_ldap_misc_SOURCES): New. + +2021-06-08 NIIBE Yutaka <gniibe@fsij.org> + + agent: Appropriate error code for importing key with no passwd. 
+ + commit 2f98d8a0f92dc991bff406e159690a111202fcb4 + * agent/cvt-openpgp.c (convert_from_openpgp_main): Return + GPG_ERR_BAD_SECKEY. + +2021-06-04 Werner Koch <wk@gnupg.org> + + dirmngr: Remove useless code. + + commit 8bd5172539e1399b407aa2a9d56fa51b8e040ae3 + * dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the + password_param thing because we set the password directly without an + intermediate var. + +2021-06-02 Werner Koch <wk@gnupg.org> + + sm: Support AES-GCM decryption. + + commit b722fd755c77cbba12478f6de8913c73213d78ee + * sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error if gpgrt + supports this. + * sm/decrypt.c (decrypt_gcm_filter): New. + (gpgsm_decrypt): Use this filter if requested. Check authtag. + * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm + in consumer (decrypt) de-vs mode. + +2021-05-28 Werner Koch <wk@gnupg.org> + + gpgconf: Make runtime changes with different homedir work. + + commit c8f0b02936c73b6ef3c99a1bea9ae63f74da0768 + * tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir + first. Remove unused variable. + + dirmngr: Fix default port for our redefinition of ldaps. + + commit 8de9d54ac83fa20cb52b847b643311841be4d6dc + * dirmngr/server.c (make_keyserver_item): Fix default port for ldaps. + Move a tmpstr out of the blocks. + * dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics. + +2021-05-27 NIIBE Yutaka <gniibe@fsij.org> + + build: _DARWIN_C_SOURCE should be 1. + + commit 40b2890b4349781ddb0330193aed0286b1d23dad + * configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1. + +2021-05-26 Werner Koch <wk@gnupg.org> + + dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers. + + commit 317d5947b84ae2707e46b89fb0d8318c07174e13 + * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT. + + * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ... + (parse_rereadable_options): here. + + dirmngr: New option --ldapserver. 
+ + commit ff17aee5d10c8c5ab902253fb4332001c3fc3701 + * dirmngr/dirmngr.c (opts): Add option --ldapserver. + (ldapserver_list_needs_reset): New var. + (parse_rereadable_options): Implement option. + (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used. + + * dirmngr/server.c (cmd_ldapserver): Add option --clear and list + configured servers if none are given. + + dirmngr: Allow for non-URL specified ldap keyservers. + + commit 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b + * dirmngr/server.c (cmd_ldapserver): Strip an optional prefix. + (make_keyserver_item): Handle non-URL ldap specs. + * dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls, + ldap_over_tls, and ntds. + + * dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host + string. Improve error messages for the non-file case. Support flags. + * dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs. + (ks_action_search, ks_action_get, ks_action_put): Ditto. + * dirmngr/ks-engine-ldap.c: Include ldapserver.h. + (ks_ldap_help): Handle non-URL ldap specs. + (my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support + URLs and non-URL specified keyservers. + (ks_ldap_get): Adjust for changes in my_ldap_connect. + (ks_ldap_search): Ditto. + (ks_ldap_put): Ditto. + + gpg,sm: Simplify keyserver spec parsing. + + commit 9f586700ec4ceac97fd47cd799878a8847342ffa + * common/keyserver.h: Remove. + * sm/gpgsm.h (struct keyserver_spec): Remove. + (opt): Change keyserver to a strlist_t. + * sm/gpgsm.c (keyserver_list_free): Remove. + (parse_keyserver_line): Remove. + (main): Store keyserver in an strlist. + * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid + an ambiguity in dirmngr by adding a prefix if needed. + + * g10/options.h (struct keyserver_spec): Move definition from + keyserver.h to here. Remove most fields. + * g10/keyserver.c (free_keyserver_spec): Adjust. + (cmp_keyserver_spec): Adjust. + (parse_keyserver_uri): Simplify. 
+ (keyidlist): Remove fakev3 arg which does not make any sense because + we don't even support v3 keys. + + dirmngr: Support pseudo URI scheme "opaque". + + commit 72124fadafde153f8ac89a70202006d831829d06 + * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New. + * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers + to use the new macro for better readability. + (do_parse_uri): Add pseudo scheme "opaque". + (uri_query_value): New. + +2021-05-21 NIIBE Yutaka <gniibe@fsij.org> + + scd: Release memory for RDRNAME. + + commit 5be0d075b1ad03a46a6169bf16cd3ee6102e1358 + * scd/apdu.c (apdu_close_reader): Free RDRNAME field. + +2021-05-20 Jakub Jelen <jjelen@redhat.com> + + scd: avoid memory leaks. + + commit 678e1b20d3531e642fa8871ea56c6c7d5c208fbe + * scd/app-p15.c (send_certinfo): free labelbuf + (do_sign): goto leave instead of return + * scd/command.c (cmd_genkey): goto leave instead of return + + common: Avoid double-free. + + commit 4dc4b025d6dd194a96b11ccfd64d763d2c902a91 + * common/name-value.c (do_nvc_parse): reset to null after ownership + change + +2021-05-19 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 17b7048732e265450323cc3e01a48c9d492edf0c + + +2021-05-19 Werner Koch <wk@gnupg.org> + + dirmngr: For KS_SEARCH return the fingerprint also with LDAP. + + commit f0e538619d5079fcd87c31e853e6deb28564a321 + * dirmngr/ks-engine-ldap.c (extract_keys): Return the fingerprint if + available. + (ks_ldap_search): Ditto. + (extract_keys): Make sure to free the ldap values also in corner + cases. + (my_ldap_value_free): New. + (ks_ldap_get): Ditto. + (ks_ldap_search): Ditto. + (my_ldap_connect): Ditto. + +2021-05-18 Werner Koch <wk@gnupg.org> + + gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver. + + commit 7bf8530e75d05a712d00a333d59b0a8cf663b9cb + * g10/call-dirmngr.c (record_output): Rewrite. + +2021-05-18 Ingo Klöcker <dev@ingo-kloecker.de> + + scd:p15: Fix logic for appending product name to MANUFACTURER. 
+ + commit aa6288140481bccc366e87fcdc6781dc82d0af31 + * scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if + manufacturer_id does not already contain a bracket and if we have a + product name. + +2021-05-17 Werner Koch <wk@gnupg.org> + + gpg: Use a more descriptive prompt for symmetric decryption. + + commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b + * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New. + (passphrase_to_dek_ext): Remove this obsolete prototype. + * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag + value. + (passphrase_to_dek): Add arg flags and pass it on. + * g10/mainproc.c (proc_symkey_enc): Use new flag. + + sm: Ask for the password for password based decryption (pwri) + + commit 50ea1b67e8260aaebbeba0c4cd73e21443a74636 + * sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase. + + * sm/export.c (export_p12): Mark string as translatable. + * sm/import.c (parse_p12): Ditto. + + sm: Support decryption of password based encryption (pwri) + + commit 6f31acac767f2ec67729c0491f29061b26fe14b9 + * sm/decrypt.c (string_from_gcry_buffer): New. + (pwri_parse_pbkdf2): New. + (pwri_decrypt): New. + (prepare_decryption): Support pwri. + (gpgsm_decrypt): Test for PWRI. Move IS_DE_VS flag to DFPARM. + + * common/sexputil.c (cipher_mode_to_string): New. + + dirmngr: LDAP search by a mailbox now ignores revoked keys. + + commit b6f8cd7eef4b00a2c6ccaac743382f1dd83bde6a + * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked + and disable keys in mail mode. + +2021-05-07 NIIBE Yutaka <gniibe@fsij.org> + + scd,pcsc: Use a single context. + + commit 987b8168602286d06debbbc8d4deebd35f454e29 + * scd/apdu.c (pcsc): New variable. + (struct reader_table_s): Remove pcsc.context from member. + (pcsc_get_status, connect_pcsc_card): Use pcsc.context. + (close_pcsc_reader): Release pcsc.context here with reference count. + (apdu_open_one_reader): Move API loading to ... + (pcsc_init): new. + (apdu_open_one_reader): Remove. 
+ (apdu_open_reader): Call open_pcsc_reader instead of + apdu_open_one_reader. + (open_pcsc_reader): Call pcsc_init if needed. Call close_pcsc_reader + instead of pcsc_release_context. Make reader parsing more robust. + (apdu_init): Initialize pcsc.count and pcsc.context. + +2021-05-04 Werner Koch <wk@gnupg.org> + + gpg: Allow ECDH with a smartcard returning just the x-coordinate. + + commit b203325ce112c223a5164081cecd14744a01ff69 + * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Factor extraction + part out to ... + (extract_secret_x): new. Allow for x-only coordinate. + (pk_ecdh_encrypt_with_shared_point): Change arg shared_mpi + to (shared,nshared). Move param check to the top. Add extra safety + check. + (pk_ecdh_decrypt): Adjust for change. + * g10/pkglue.c (get_data_from_sexp): New. + (pk_encrypt): Use it for "s" and adjusted for changed + pk_ecdh_encrypt_with_shared_point. + * g10/pubkey-enc.c (get_it): Remove conversion to an MPI and call + pk_ecdh_decrypt with the frame buffer. + + scd: Fix possible PC/SC removed card problem. + + commit 9d83bfb639680d3bc756fcfe2b7f83b18bed8dff + * scd/apdu.c (pcsc_cancel): New. + (pcsc_init): Load new function. + (connect_pcsc_card): Use it after a removed card error. + + scd: Add string for another PC/SC error code. + + commit a475bb725be7e275a06e0625b0088f607f36634c + * scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): New. + (pcsc_error_string): Add a description for this. + * scd/scdaemon.c (scd_kick_the_loop): Fix diagnostic. + +2021-05-04 Kirill Elagin <kirelagin@gmail.com> + + scd: Fix unblock PIN by a Reset Code with KDF. + + commit 6c4216094ef4771d1d5011b7aee35f241e3bcc4d + * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for + pin2hash_if_kdf, for user's PIN. + +2021-05-04 Werner Koch <wk@gnupg.org> + + gpg: Fix mailbox based search via AKL keyserver method. + + commit 22fe23f46d3179cb0a68f58bf6f722b89c0c4d9c + * g10/keyserver.c (keyserver_import_name): Rename to ... + (keyserver_import_mbox): this. 
And use mail search mode. + * g10/getkey.c (get_pubkey_byname): Change the two callers. + + gpg: Auto import keys specified with --trusted-keys. + + commit e7251be84c797ddbc3f0a5212886761666e3aa33 + * g10/getkey.c (get_pubkey_with_ldap_fallback): New. + * g10/trustdb.c (verify_own_keys): Use it. + + (cherry picked from commit 100037ac0f558e8959fc065d4703c85c2962489e) + + gpg: Allow decryption w/o public key but with correct card inserted. + + commit e53f6037283e1a4f18b1c5d66d2678888c701cea + * agent/command.c (cmd_readkey): Add option --no-data and special + handling for $SIGNKEYID and $AUTHKEYID. + * g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR + output. + * g10/skclist.c (enum_secret_keys): Automagically get a missing public + key for the current card. + + agent: Silence error messages for READKEY --card. + + commit aa612d752ebb1851f23184df084aed5314b72e3a + * agent/command.c (cmd_readkey): Test for shadow key before creating + it. + + (cherry picked from commit 8f2c9cb73538baab7da8107f2cceb2f6fc49642a) + +2021-05-03 Werner Koch <wk@gnupg.org> + + gpg: Allow fingerprint based lookup with --locate-external-key. + + commit 2af217ecd7e4242be2b35bc0085eccaf13cc2027 + * g10/keyserver.c (keyserver_import_fprint_ntds): New. + * g10/getkey.c (get_pubkey_byname): Detect an attempt to search by + fingerprint in no_local mode. + + gpg: Lookup a missing public key of the current card via LDAP. + + commit b59af0e2a05a3714b0bcbe7e775c6ffacfbc7119 + * g10/getkey.c (get_seckey_default_or_card): Lookup a missing public + key from the current card via LDAP. + * g10/call-dirmngr.c: Include keyserver-intetnal.h. + (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the + new LDAP flag. + * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New. + Replace the use of the value 1 for the former quick arg. + (KEYSERVER_IMPORT_FLAG_LDAP): New. + * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line + length. 
+ * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only. + * dirmngr/server.c (cmd_ks_get): Add option --ldap. + + scd: Add option --info to emit KEYPAIRINFO by readkey command. + + commit b8df8321e1ef38147f42af1166d2c60805f88b9c + * scd/command.c (do_readkey): Implement this. + * scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP + parm optional. Add arg R_ALGOSTR. + +2021-05-03 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix gnupg_wait_processes, by skipping invalid PID. + + commit c2ba6bea4ce81a066765c285c4b7c1dc6d39f144 + * common/exechelp-posix.c (gnupg_wait_processes): Skip invalid PID. + +2021-05-03 Werner Koch <wk@gnupg.org> + + agent: Skip unknown unknown ssh curves seen on cards. + + commit bbf4bd3bfcb51e9d91e08ceefba3ff016bae50ff + * agent/command-ssh.c (ssh_handler_request_identities): Skip unknown + curves. + +2021-04-29 Werner Koch <wk@gnupg.org> + + gpgconf: Do not i18n an empty string to the PO files meta data. + + commit a456303ae306fbfda0cf89ff41678d50c24bf6fc + * tools/gpgconf-comp.c (my_dgettext): Ignore empty strings. + + scd: New option --pcsc-shared. + + commit 5eec40f3d82777b4fb807a9bf1b71422a8caa2f9 + * scd/scdaemon.h (opt): Add field opcsc_shared. + * scd/scdaemon.c (opcscShared): New. + (opts): Add "--pcsc-shared". + (main): Set flag. + * scd/apdu.c (connect_pcsc_card): Use it. + (pcsc_get_status): Take flag in account. + * scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared + mode. + + scd: Rewrite READKEY to allow for compressed points. + + commit 96577e2e46e4c5b66a2685cb605e07be0a6a09a5 + * scd/app-help.c (app_help_pubkey_from_cert): New. Taken from 2.3. + * scd/command.c (cmd_readkey): Rewrite using new helper. + + common: Extend the openpgp_curve_to_oid function. + + commit 5b8593135fa6e88ecc459444ec19b9a824f12a15 + * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS. + Change all callers. + + common: New module to compute openpgp fingerprints. 
+ + commit f3c98b8cb5adcac17043fa6066b73bd08c8ef41a + * common/openpgp-fpr.c: New. + * common/Makefile.am (common_sources): Add it. + + common: New function to uncompress an ECC public key. + + commit c825117c5fa562fced0d3cafc22fd878cf615b42 + * common/sexputil.c (ec2os): New. + (uncompress_ecc_q_in_canon_sexp): New. + + * common/t-sexputil.c (fail2): new. + (test_ecc_uncompress): New. + (main): Run new test. + + common: New function cmp_canon_sexp. + + commit 473e649ea1a69e82b7f99a17fbff4d641936c61c + * common/sexputil.c (cmp_canon_sexp): New. + (cmp_canon_sexp_def_tcmp): New. + * common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test. + + scd: New function send_keyinfo to assist in backporting. + + commit 0eed0ced9bcd3c14621076d26cf4d9f809e1873c + * scd/command.c (send_keyinfo): New. + + scd: Minor changes to assist in backporting from 2.3. + + commit 3db99b8861a7544efee13be45d14bbac63c0c868 + * scd/command.c (send_status_direct): Return an error code. + * scd/app-common.h (APP_LEARN_FLAG_REREAD): New. + + scd: Extend an internal function to also return the algo. + + commit 72a7d45a230bf28e2ba7e8a57b702c98998ea0a3 + * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg + r_algo. Change all callers. + (app_help_get_keygrip_string): Ditto. + + scd: New function for iso7816 PSO_CSV. + + commit 91dd74f3d7e3630bb7f298fe4d392f8a6cef9acb + * scd/iso7816.c (iso7816_pso_csv): New. + + scd: Extend iso7816_select_path. + + commit 855d14d390e8dd8464f2f38187dbccb19a13e815 + * scd/iso7816.c (iso7816_select_path): Add arg top_fd. + * scd/app-nks.c (do_readkey): Adjust for this change + (select_ef_by_path: Ditto. + + * common/tlv.h: Include membuf.h. + + scd: Add new status codes. + + commit 3ce69d8387925d444d529ce0bb5beed9e880aad7 + * scd/apdu.h (SW_SM_NOT_SUP, SW_CC_NOT_SUP, SW_FILE_STRUCT) + (SW_NO_CURRENT_EF): New. + * scd/apdu.c (apdu_strerror): Map them to strings. + * scd/iso7816.c (map_sw): ... and to gpg-error. 
+ + scd: Extend ISO binary and record reading functions. + + commit ec9e8e0d6a1fe47dbf42652c4246e1c34fdf0288 + * scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and + change callers. + (iso7816_read_record): Factor all code out to ... + (iso7816_read_record_ext): New. + +2021-04-13 Werner Koch <wk@gnupg.org> + + gpg: Do not use self-sigs-only for LDAP keyserver imports. + + commit 1303b0ed84da57b48d88343ab43f83546e508aba + * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status. + * g10/options.h (opts): New field expl_import_self_sigs_only. + * g10/import.c (parse_import_options): Set it. + * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. + +2021-04-08 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix CCID driver for SCM SPR332/SPR532. + + commit f8ae51977ce4079d638d1ae2f3dd1da41c02a6d7 + * scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New. + (ccid_vendor_specific_setup): Only send CLEAR_HALT. + (ccid_transceive_secure): Each time, use send_escape_cmd. + +2021-04-06 Werner Koch <wk@gnupg.org> + + gpg: Fix new pseudo option compliance_de_vs. + + commit 18551c6dc2c33f856d05053b27a1210c4c607cef + * g10/gpg.c (gpgconf_list): Take opt.compliance also in account. + +2021-04-01 Werner Koch <wk@gnupg.org> + + common: Make the compliance check more robust. + + commit 8ef0f53cb0014026d0d58b8de2133310d96bc1e3 + * common/compliance.c (get_compliance_cache): New. + (gnupg_rng_is_compliant): Use per mode cache. + (gnupg_gcrypt_is_compliant): Ditto. + + gpgconf: Return a new pseudo option compliance_de_vs. + + commit 9feffc03f36499162342609897484b4b32fd53a7 + * tools/gpgconf-comp.c (gc_options_gpg): Add "compliance_de_vs". + * g10/gpg.c (gpgconf_list): Return that pseudo option. + +2021-03-26 Werner Koch <wk@gnupg.org> + cbiedl@gnupg.com + + gpgconf: Fix argv overflow if --homedir is used. + + commit a50093893cd100c74a32cbacc749aab582154625 + * tools/gpgconf-comp.c (gc_component_launch): Fix crash due to too + small array. 
+ +2021-03-11 Werner Koch <wk@gnupg.org> + + gpg: New option --force-sign-key. + + commit 87d7b7e07565bdba9e9e8b8698f7094046d4f762 + * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key". + (main): Set it. + * g10/options.h (opt): New flag flags.force_sign_key. + * g10/keyedit.c (sign_uids): Use new flag. + +2021-03-02 Werner Koch <wk@gnupg.org> + + sm: Do away with the locked flag in keydb.c. + + commit f3e68e39da7609f594572833528a0f2b9c20bf2d + * sm/keydb.c (struct keydb_handle): Remove field locked. + (keydb_lock): Remove use of locked flag. + (lock_all): Ditto. + (unlock_all): Ditto. + (keydb_set_flags): Use dotlock_is_locked instead of the locked flag. + (keydb_insert_cert): Ditto. + (keydb_delete): Ditto. + (keydb_search): s/keydb_lock/lock_all/. + (keydb_set_cert_flags): Ditto. + (keydb_clear_some_cert_flags): Ditto. + + * sm/keydb.c (maybe_create_keybox): s/access/gnupg_access/. + + common: New function dotlock_is_locked. + + commit 67b82a9c607e1488972a85a30015f48c68245af0 + * common/dotlock.c (dotlock_is_locked): New. + (dotlock_take): Set locked flag also in disabled mode. No more + warning if the lock has already been taken. + (dotlock_release): Clear locked flag also in disabled mode. No more + warning if the lock has not been taken. + + sm: Lock kbx files also before a search. + + commit 677245ba0e7d6c0bc85ac998f47e3f220b736840 + * sm/keydb.c (keydb_search): Lock files. + + sm: On Windows close the kbx files at several places. + + commit 2b9ae79ad81a0d3eff011fabe6629e371cd7c5b4 + * kbx/keybox-search.c (keybox_search_reset) [W32]: Always close. + + * kbx/keybox-init.c (keybox_close_all_files): New. + * sm/keydb.c (keydb_close_all_files): New. + * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Call new function. + (gpgsm_dirmngr_lookup): Ditto. + (gpgsm_dirmngr_run_command): Ditto. + + sm: Remove unused function. + + commit c99f3599d80d351dda1400314b43ea8ccdcc7b7d + * sm/keydb.c (keydb_insert_cert): Remove. 
+ * kbx/keybox-update.c (keybox_update_cert): Remove stub. + +2021-03-01 Nicolas Fella via Gnupg-devel <gnupg-devel@gnupg.org> + + gpg: Keep temp files when opening images via xdg-open. + + commit 0441ed6e1c1d7eac81bfbec6ce51f319d9d20eb7 + * g10/photoid.c (get_default_photo_command): Change parameter for + xdg-open. + +2021-03-01 Werner Koch <wk@gnupg.org> + + sm: Silence some other pkcs#12 import prattle. + + commit e5af401fc4c3294de9a4f10630b200185329230b + * sm/minip12.c (parse_bag_data): Print a regular log_info only in + verbose mode. + +2021-02-24 Werner Koch <wk@gnupg.org> + + sm: Silence some output on --quiet. + + commit bcdbf0fcf3c1c210504cbed53f524704747deaaa + * sm/encrypt.c (gpgsm_encrypt): Take care of --quiet. + * sm/gpgsm.c: Include minip12.h. + (set_debug): Call p12_set_verbosity. + * sm/import.c (parse_p12): Dump keygrip only in debug mode. + * sm/minip12.c (opt_verbose, p12_set_verbosity): New. + (parse_bag_encrypted_data): Print info messages only in verbose mode. + +2021-02-19 Werner Koch <wk@gnupg.org> + + scd: Change parameters of readkey fucntion pointer. + + commit 41979ed7308ef3ab1c877d3f110ce9b61eb17bec + * scd/app-common.h (APP_READKEY_FLAG_ADVANCED): New. + (struct app_ctx_s): Replace param advanced by flags in readkey. + Change all users. + + scd: Pass ctrl parameter to more app functions. + + commit 669786cf646d8636de85a3cb8b3aa83ba709d207 + * scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function + pointers for readkey, setattr, sign, auth, decipher, and check_pin. + + scd: Detect Yubikey and provide nicer display-s/n. + + commit f8588369bcb0e66118725793b53e871ce2acb10d + * scd/app-common.h (struct app_ctx_s): Rename unused field + card_version to cardversion. + * scd/app.c (app_new_register): Add code rom 2.3 to detect the Yubikey + and set cardversion. + (app_get_dispserialno): New. + * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno. + + scd: Change the apptype from a string to an enum. 
+ + commit 43b3ec5aee40172890c077485e438d2d4994d81d + * scd/app-common.h (cardtype_t): New. + (apptype_t): New. + (struct app_ctx_s): Change type of field apptype. Add fields + appversion and cardtype. Adjust all app-*.c for the new type. + * scd/app.c (supported_app_list): New. + (strapptype): New. + (apptype_from_name): New. + (app_dump_state): Use strapptype. + (app_write_learn_status): Ditto. + (app_getattr): Ditto. + (check_conflict): Use apptype_from_name and integer comparison. + * scd/app-openpgp.c: Replace app->card_version by app->appversion. + + scd: Add some compatibility code for easier backporting. + + commit 6380126b31aacb2e8ad3aae4866d4d384186bf97 + * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New. + (APP_READKEY_FLAG_INFO): New. + (APP_LEARN_FLAG_KEYPAIRINFO): New. + (APP_LEARN_FLAG_MULTI): New. + (struct app_ctx_s): New forward declaration. + (struct app_ctx_s): Add members prep_reselect, reselect, and + with_keygrip. + (KEYGRIP_ACTION_SEND_DATA): New. + (KEYGRIP_ACTION_WRITE_STATUS): New. + (KEYGRIP_ACTION_LOOKUP): New. + (APP_CARD): New macro. + * scd/scdaemon.h: Include app-common.h and remove from all other + files. + (app_t): Move typedef to ... + * scd/app-common.h: here. + +2021-02-17 Werner Koch <wk@gnupg.org> + + dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs. + + commit 55f46b33df08e8e0ea520ade5f73b321bc01d705 + * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds + extension. + * dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with + hostname - which is NULL and thus the same if not given. Fix minor + error in error code handling. + + dirmngr: Rewrite a weird function by straighter code. + + commit cdc828f6902667196eb3870f9287045afe7144d5 + * dirmngr/ldap-parse-uri.c (ldap_uri_p): Use ascii-memcasecmp. + +2021-01-28 Werner Koch <wk@gnupg.org> + + Include the library version in the compliance checks. 
+ + commit 6e258babe7ccc52a7fb621339c2e2fc5f0f23bc9 + * common/compliance.c (gnupg_gcrypt_is_compliant): New. + (gnupg_rng_is_compliant): Also check library version. + * g10/mainproc.c (proc_encrypted): Use new function. + (check_sig_and_print): Ditto. + * sm/decrypt.c (gpgsm_decrypt): Ditto. + * sm/encrypt.c (gpgsm_encrypt): Ditto. + * sm/verify.c (gpgsm_verify): Ditto + +2021-01-27 Werner Koch <wk@gnupg.org> + + gpg: Fix ugly error message for an unknown symkey algorithm. + + commit 9037be5f40da409a7734a2672e64345472f294fc + * g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown + algorithm. + +2021-01-11 Werner Koch <wk@gnupg.org> + + Release 2.2.27. + + commit 0c103cde00098bdf1cec8f27e764300d192210e4 + + + gpg,w32: Fix gnupg_remove. + + commit 3901c1a8c59a436ea4509d5aaebbecc5a0268391 + * common/sysutils.c (map_w32_to_errno): New. + (gnupg_w32_set_errno): New. + (gnupg_remove) [w32]: Set ERRNO + +2021-01-08 Werner Koch <wk@gnupg.org> + + gpg: Fix --gpgconf-list case with no conf files at all. + + commit 9f37d3e6f307a9460c0a356afa1f8b991c527d6c + * g10/gpg.c (get_default_configname): Remove unused function. + (main): Provide a proper filename to gpgconf_list. + +2021-01-07 Werner Koch <wk@gnupg.org> + + gpgconf: Fix description of two new options. + + commit ff30fcd3dc78c00ed87ce6bd3414b828bdf51e84 + * tools/gpgconf-comp.c: Fix auto-key-import and include-key-block. + +2020-12-30 Werner Koch <wk@gnupg.org> + + wkd: Minor permission fix for created files. + + commit fdc54850263b2b888398f95be7816134b45a60d3 + * tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file. + (ensure_policy_file): No need to make the policy file group writable. + +2020-12-23 Werner Koch <wk@gnupg.org> + + gpg: Initialize a variable even in a never used code path. + + commit 83e875a2d1e7560b9626266373c89e6e6eb7cb50 + * g10/sign.c (write_signature_packets): Init ERR. + +2020-12-21 Werner Koch <wk@gnupg.org> + + Release 2.2.26. 
+ + commit c77bb1a750f0e2d6538d23fdc0af0e3ff3d56781 + + + common: Remove superfluous debug output from dotlock.c. + + commit 323a69ef65e0d48fb9d038ecca01a70688ad3325 + * common/dotlock.c (dotlock_create_unix): Remove debug output. + + doc: Explain LDAP keyserver parameters. + + commit 261fb98c6f034f3f96abee79ea73febd115420ae + + + common: Fix the "ignore" meta command in argparse.c. + + commit 09dc59f6d43f5e81781429913b8f377581825be0 + * src/argparse.c (gnupg_argparse): Factor some code out to ... + (prepare_arg_return): new. + (gnupg_argparse): No missing arg error in ignore sections. + * common/sysutils.c: Include pwd.h. + (gnupg_getusername): New. + +2020-12-18 Werner Koch <wk@gnupg.org> + + gpg: Fix --trusted-key with fingerprint arg. + + commit 8a2e5025eb0f9537a4e776cf2886771a507121f1 + * g10/trustdb.c (tdb_register_trusted_key): Take care of that + other constant. + + dirmngr: Do not block threads in LDAP keyserver calls. + + commit 15bfd189c07ef0f1bb94db0aee9ad26441ddc494 + * dirmngr/ks-engine-ldap.c: Wrap some ldap calls. + + dirmngr: Fix backport of the new option parser from 2.3. + + commit 9b886adba4f83ca462f8015060bcea8a7ceb6bb0 + * dirmngr/dirmngr.c (main) <aGPGConfList>: Re-introduce + gpgconf-dirmngr.conf. + +2020-12-17 Werner Koch <wk@gnupg.org> + + gpg: New AKL method "ntds" + + commit 559efd23e936536435a42646b62fe8c4f8585d38 + * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new + support for KEYDB_SEARCH_MODE_MAIL. + (ks_ldap_get): Add a debug. + * g10/options.h (AKL_NTDS): New. + * g10/keyserver.c (keyserver_import_ntds): New. + (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL. + * g10/getkey.c (parse_auto_key_locate): Support "ntds". + (get_pubkey_byname): Ditto. + + dirmngr: Support "ldap:///" for the current AD user. + + commit 776bef74c778c6740a6aac8a05801a958868346d + * dirmngr/http.h (struct parsed_uri_s): Add field ad_current. + * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it. 
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current. + + dirmngr: Allow LDAP searches via fingerprint. + + commit c75fd75532905a2922288e0e8ac01fcd0226fc52 + * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg + serverinfo and allow searching by fingerprint. + (ks_ldap_get, ks_ldap_search): First connect then create teh filter. + + dirmngr: Store all version 2 schema attributes. + + commit c28cb5282b149f1e34df6f923e88e1998a60cc4a + * g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records. + * dirmngr/ks-engine-ldap.c (extract_attributes): Add args + extract-state and schemav2. Add data for the new schema version. + remove the legacy code to handle UIDs in the "pub" line. + (ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN. + + + This is a backport from 2.3 + + dirmngr: Support the new Active Directory schema. + + commit ac8ece92662d83b79b03a369df07362d320fd118 + * dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants. + (my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new + serverinfo arg. Set the new info flags. + (ks_ldap_get): Adjust for change. + (ks_ldap_search): Ditto. + (ks_ldap_put): Ditto. Replace xmalloc by xtrymalloc. Change the DN + for use with NTDS (aka Active Directory). + + dirmngr: Do not store the useless pgpSignerID in the LDAP. + + commit 0e88c73bc94fbca224f06d95bb024030bb3a73bb + * dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the + pgpSignerID. + * g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records. + + dirmngr: Fix adding keys to an LDAP server. + + commit e47de853820000ddf383e7b790fbc435e3378d66 + * dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into + addlist. + +2020-12-16 NIIBE Yutaka <gniibe@fsij.org> + + scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup. + + commit 3c55e15cee4bfed6ef96fbc97a0d2f00afceebe3 + * scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532, + call libusb_clear_halt. 
+ + scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR. + + commit 585cfca0a60bd910012a8a2218f74889840b2546 + * scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt. + +2020-12-07 NIIBE Yutaka <gniibe@fsij.org> + + scd:openpgp: Fix writing ECC key to card. + + commit 5a03bf61304d0c2c8b4df53a1a7680cd0eb91cb1 + * scd/app-openpgp.c (build_privkey_template): Adding another argument + of ecc_d_fixed_len to handle variable-size MPI. + +2020-12-04 Werner Koch <wk@gnupg.org> + + Backport of the new option parser from 2.3. + + commit a028f24136a062f55408a5fec84c6d31201b2143 + * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define. + * common/argparse.c, common/argparse.h: Rewrite. + * tests/gpgscm/main.c: Switch to the new option parser. + + * g10/gpg.c: Switch to the new option parser and enable a global conf + file. + * g10/gpgv.c: Ditto. + * agent/gpg-agent.c: Ditto. + * agent/preset-passphrase.c: Ditto. + * agent/protect-tool.c: Ditto. + * scd/scdaemon.c: Ditto. + * dirmngr/dirmngr.c: Ditto. + * dirmngr/dirmngr_ldap.c: Ditto + * dirmngr/dirmngr-client.c: Ditto. + * kbx/kbxutil.c: Ditto. + * tools/gpg-card.c: Ditto. + * tools/gpg-check-pattern.c: Ditto. + * tools/gpg-connect-agent.c: Ditto. + * tools/gpg-pair-tool.c: Ditto. + * tools/gpg-wks-client.c: Ditto. + * tools/gpg-wks-server.c: Ditto. + * tools/gpgconf.c: Ditto. + * tools/gpgsplit.c: Ditto. + * tools/gpgtar.c: Ditto. + * g13/g13.c: Ditto. + * g13/g13-syshelp.c: Ditto. Do not force verbose mode. + * sm/gpgsm.c: Ditto. Add option --no-options. + +2020-12-02 Werner Koch <wk@gnupg.org> + + kbx: Better error message in case of a crippled Libgcrypt. + + commit acafa695e1e7998b892a6a621ef06d57bbc82722 + * kbx/keybox-openpgp.c (keygrip_from_keyparm): Detect missing curve. + +2020-12-01 Jens Meißner <meissner@b1-systems.de> + + doc: Add parameters for batch generation of ECC keys. + + commit a3f95a29b97d603c606936620e4638cc6db10ec9 + * doc/gpg.texi: Add parameters for batch generation of ECC keys. 
+ +2020-11-27 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix fallback handling to utf-8. + + commit 7d7a50ba7231bd4432b1254c7067a7f287890632 + * common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION. + +2020-11-23 Werner Koch <wk@gnupg.org> + + Release 2.2.25. + + commit 40f75823d25548abbc52dd6121963a55d99b1230 + + +2020-11-19 Werner Koch <wk@gnupg.org> + + gpgconf: Also print revision of libksba. + + commit 6594dc31f58916b6f8b31de070e85d56221e3b94 + * dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty + string. + (gpgconf_versions): Print ksba revision. + +2020-11-19 Jakub Bogusz <qboosh@pld-linux.org> + + po: Update Polish translation. + + commit f7cbf68fdd1e42cdbabec7e06f2149f6b3f1d1dc + + +2020-11-19 NIIBE Yutaka <gniibe@fsij.org> + + scd:openpgp: Public keys should be available for check_keyidstr. + + commit 84020385be19556800b22cc5b0ce098acd424298 + * scd/app-openpgp.c (check_keyidstr): Call get_public_key. + +2020-11-17 Werner Koch <wk@gnupg.org> + + Release 2.2.24. + + commit 5751c48035764d938ae0459fcecd37194133bfb7 + + +2020-11-16 Werner Koch <wk@gnupg.org> + NIIBE Yutaka <gniibe@fsij.org> + + scd:openpgp: Allow keygrip to be used to reference a key. + + commit 1049f06c6d2e1a833af4c73ea67a05417bbd0967 + * scd/app-openpgp.c (struct app_local_s): Add keygrip_str. + (store_keygrip): New. + (read_public_key): Store the keygrip. + (get_public_key): Sitto. + (send_keypair_info): USe the stored keygrip. + (check_keyidstr): New. Factored out from other functions and + extended. + (do_sign): Use check_keyidstr. + (do_auth): Ditto. + (do_decipher): Ditto. + (do_check_pin): Ditto. + +2020-11-13 Werner Koch <wk@gnupg.org> + + gpg: Provide better diagnostic for replaced card keys. + + commit 5d98f95aa90c290a88ce97525d9f98f0aaf9e5aa + * agent/divert-scd.c (divert_pksign): Add arg 'grip'. Replace OPENPGP + key reference to keygrips. + (divert_pkdecrypt): Ditto. + * agent/protect.c (parse_shadow_info): Trim spaces. 
+ * agent/pkdecrypt.c (agent_pkdecrypt): Pass the keygrip. + * agent/pksign.c (agent_pksign_do): Ditto. + + * g10/mainproc.c (print_pkenc_list): Print extra info for an invalid + id error. + * g10/sign.c (do_sign): Ditto. + + gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. + + commit aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe + * g10/keydb.h (pref_hint): Change from union to struct and add field + 'exact'. Adjust callers. + * g10/pkclist.c (algo_available): Take care of the exact hint. + * g10/sign.c (sign_file): Fix indentation. Rework the hash from + recipient prefs. + +2020-11-12 Werner Koch <wk@gnupg.org> + + gpgconf: Yet another fix for --apply-profile. + + commit f400ff4e7dfb424fbfcf7dfc5f80d89757ece5ab + * tools/gpgconf.c (main): Use gnupg_homedir instead of + default_homedir. Check for existance of the directory. + + scd: Skip unknown options in command SERIALNO. + + commit 7076f6cafbac0cfbb3ab11e0f27c5d04ca956e8f + * scd/command.c (cmd_serialno): Skip options. + +2020-11-11 Werner Koch <wk@gnupg.org> + + gpg: Support brainpool keygen with "key from card". + + commit 966fe1e9d98a0345da9b506ce9be0ad398f12d43 + * g10/keygen.c (ask_algo): Add brainpool hack in the same as for Nist + curves. + +2020-11-10 Werner Koch <wk@gnupg.org> + + w32: Support Unicode also for config files etc. + + commit 163e4ff1959788781403ddf85f808054de414fd6 + * common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed. Use + new function in most places where fopen is used. + + w32: Support utf8 for getcwd even if build with gpgrt < 1.40. + + commit 9188a3c6b7eb871f711a0979620ca72f99522d53 + * common/sysutils.c (gnupg_getcwd) [W32]: Use Unicode version. + +2020-11-09 NIIBE Yutaka <gniibe@fsij.org> + + scd: Internal CCID driver: Fix a race condition on close. + + commit 8e206c1721564c91dd05ea46b5262670011155ab + * scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader, + return 0 only at the initial call. 
+ (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking + the loop, to invoke scd_update_reader_status_file, which calls + ccid_slot_status again. + (ccid_slot_status): Move the call of ccid_vendor_specific_setup to... + (ccid_get_atr): ... here. + +2020-11-09 Werner Koch <wk@gnupg.org> + + card: Run factory-reset in locked stated. + + commit 7f765a98fd662f345baf30d93392103e5f85ace1 + * scd/command.c (reset_notify): Add option --keep-lock. + (do_reset): Add arg keep_lock. + (cmd_lock): Send progress status. + * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs. + * g10/card-util.c (send_apdu): Ditto. + (factory_reset): Use lock commands. + + gpg: Fix recent commit for weak digest algos and smartcards. + + commit 21d5323f5d029758fd55eae1dfdfb88b718ceada + * g10/sign.c (sign_file): Fix condition. + + Require libksba 1.3.5. + + commit 549dc8cfe9a44fe7eb8a6a90662d4cbb1958a556 + * configure.ac (NEED_KSBA_VERSION): Set to 1.3.5. + + Require Libgpg-error 1.27. + + commit fc01ae50718b4030fbfdf3ca65ddb3e3107eacda + * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.27 + * common/util.h: Remove compatibility macros. + + Require Libgcrypt 1.8. + + commit 99ab3aed15c8a84347e39fbe49bd5748aeefe31a + * configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.8. + * tools/gpgconf.c (show_version_libgcrypt): Remove conditional case + for Libgcrypt < 1.8. + * common/compliance.c (gnupg_rng_is_compliant): Ditto. + * agent/pksign.c: Ditto. + * agent/gpg-agent.c (thread_init_once): Ditto. + (agent_libgcrypt_progress_cb): Ditto. + * agent/command.c (cmd_getinfo): Ditto. + +2020-11-09 Ben Kibbey <bjk@luxsci.net> + + gpg: Add canceled status message. + + commit f05d1772c47b71cf77f79519b8edbc682002d303 + * common/status.h (STATUS_CANCELED_BY_USER): New. + * g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER + instead of STATUS_MISSING_PASSPHRASE when canceled is set. 
+ +2020-11-09 Werner Koch <wk@gnupg.org> + + gpg: Do not print rejected digest algo notes with --quiet. + + commit c373735e79a1b6240e9eca972c2bbb0c9f3247c4 + * g10/misc.c (print_digest_rejected_note): Do not print in quiet mode. + (print_sha1_keysig_rejected_note): Ditto. + +2020-11-04 Werner Koch <wk@gnupg.org> + + speedo,w32: Install gpg-check-pattern and example profiles. + + commit a4fa4b5d4ba38e51436914505af1a8f3483ed945 + * doc/examples/vsnfd.prf: Rename to VS-NfD.prf. + * doc/examples/Automatic.prf: New. + * doc/Makefile.am (examples): Adjust. + * build-aux/speedo/w32/inst.nsi: Install gpg-check-pattern.exe and 3 + example files. + * build-aux/speedo/w32/wixlib.wxs: Add new files. + + g13: Include a now missing header file. + + commit d4089b04a5f15c1cc1a4809cb8f0d59fc1cdf564 + * g13/create.c: Include sysutuls.h + * g13/sh-dmcrypt.c: Ditto. + + gpgconf: Make sure the homedir exists for --apply-profile. + + commit 1fbf085bc8b4a92772d1da8bfea507f4f97434b1 + * tools/gpgconf.c (main) <aApplyDefaults, aApplyProfile>: Create the + standard home directory. + + common: Fix duplicate implementation of try_make_homedir. + + commit 6fe5c8c06e8cd162913ee5b0eb741eb4beebf44a + * g10/openfile.c (try_make_homedir): Move core of the code to ... + * common/homedir.c (gnupg_maybe_make_homedir): new. + * sm/keydb.c (try_make_homedir): Implement using new function. + + * common/homedir.c: Include i18n.h. + * po/POTFILES.in: Add common/homedir.c. + +2020-11-04 Andre Heinecke <aheinecke@gnupg.org> + + w32: Add another pinentry search path. + + commit b4cb91d5fbe2b8917d76d12eb72aaac0d97ed596 + * common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe + + w32: Add windows subsystem variant of gpgconf. + + commit c366e04958481382c3f7b50f169120053186069b + * tools/Makefile.am (gpgconf-w32): New target. Builds gpgconf with + subsystem windows. + * build-aux/speedo/w32/wixlib.wxs: Package it. + +2020-11-03 Werner Koch <wk@gnupg.org> + + w32: Fix strftime problem on Windows. 
+ + commit d633e92233f4a4afc82d3d9282220f303974525b + * common/gettime.c: Include locale.h. + (asctimestamp): Increase buffer. On Windows use setlocale. + + gpg: Switch to AES256 for symmetric encryption in de-vs mode. + + commit 166e779634ea5fe2a7beeb186807e3a81128c717 + * g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs + mode. + * g10/encrypt.c (setup_symkey): Add extra compliance check. + (encrypt_simple): Avoid printing a second error oncplinace failure. + +2020-11-03 Andre Heinecke <aheinecke@gnupg.org> + + po: Major update of italian translation. + + commit ccecdc1f34a973dcd8d00b6ee9c830e0ddc8d08b + * po/it.po: Update to a recent 2.2 version. + +2020-11-02 Werner Koch <wk@gnupg.org> + + gpg: Allow setting notations with the empty string as value. + + commit f007d79533e638e395e1a3cf99233fd900cc805c + * g10/misc.c (pct_expando): Catch special case of the empty string. + Also map a NULL to the empty string. + * g10/photoid.c (show_photos): Make an empty string used as command + fail. + + gpg: Do not use weak digest algos if selected by recipient prefs. + + commit 4c181d51a6f1fd05b7f190a18769ba5e9f892f6a + * g10/misc.c (is_weak_digest): New. + (print_digest_algo_note): Use it here. + * g10/sig-check.c (check_signature_end_simple): Use it. + * g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in + the least of weak digest algorithm. + +2020-10-30 Ingo Klöcker <dev@ingo-kloecker.de> + + gpg: Fix iteration over signatures. + + commit 8a941428086bc173a65d4e8687308ca923394738 + * g10/keyedit.c (keyedit_quick_revsig): Take signature of correct node + +2020-10-30 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix secret key import for Ed25519. + + commit ba321b60bc3bfc29dfc6fa325dcabad4fac29f9c + * agent/cvt-openpgp.c (convert_secret_key): Avoid adding 0x00 at the + beginning of MPI. + +2020-10-28 Werner Koch <wk@gnupg.org> + + gpg: New command --quick-revoke-sig. 
+ + commit 7ec56b033647a1b14d56f771d51c563dbd25f1b7 + * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig. + (opts): Add --quick-revoke-sig. + (main): Implement. + * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and + adjust all callers. + (keyedit_quick_revsig): new. + * g10/revoke.c (get_default_sig_revocation_reason): New. + * g10/keylist.c (cmp_signodes): New. + +2020-10-26 NIIBE Yutaka <gniibe@fsij.org> + + scd: Internal CCID driver thing only for SPR532. + + commit 38040ffee81e3c7a6972c9eae42af44eaaeb6ce6 + * scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit + only for SPR532, excluding other readers by SCM. + (ccid_slot_status): Use ccid_vendor_specific_setup. + + scd: Internal CCID driver limiting only for SPR532. + + commit d1c9cc3ca03d2134a0feecab6db3c4af308c7fa7 + * scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for + SPR532. + +2020-10-23 Werner Koch <wk@gnupg.org> + + common: New functions gnupg_opendir et al. + + commit 5f8123df7856b724a062177026fe669ae49be263 + * common/sysutils.h (struct gnupg_dirent_s): New. + * common/sysutils.c: Include dirent.h. + (struct gnupg_dir_s): New. + (gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all + callers of opendir, readdir, and closedir to use these functions. + + w32: Make gnupg_remove and gnupg_rename_file Unicode aware. + + commit 4252cd7b18b41a0d91076e46df9ba857e743406b + * common/sysutils.c (w32_rename): New. + (gnupg_rename_file) [W32]: Support Unicode. + (gnupg_remove) [W32]: Support Unicode. Drop Windows-CE support. + + Replace all calls to stat by gnupg_stat. + + commit 157030271f2d88d0756788a60c43e455870ec124 + * common/sysutils.c (gnupg_stat): New. + * common/sysutils.h: Include sys/stat.h. + + Replace most calls to open by a new wrapper. + + commit 86e52e3c33843f67a7972181ccbf33b48a40e557 + * common/sysutils.c (any8bitchar) [W32]: New. + (gnupg_open): New. Replace most calls to open by this. + * common/iobuf.c (any8bitchar) [W32]: New. 
+ (direct_open) [W32]: Use CreateFileW if needed. + +2020-10-21 Werner Koch <wk@gnupg.org> + + w32: Allow Unicode filenames for dotlock. + + commit d65ea29683eeecfcf12e74744a490e8acfc1a5cf + * common/dotlock.c (any8bitchar) [W32]: New. + (dotlock_create_w32): Use strconcat and CreateFileW. + + * common/t-dotlock.c: Source include dotlock.c and modify to allow + manual testing on Windows. + + Replace all calls to access by gnupg_access. + + commit dd5fd4a760b8cf6ae05ff878bcf36cf2465e744c + * common/sysutils.c (gnupg_access): New. Replace all calls to access + by this wrapper. + * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8 + directory name. + (standard_homedir): Adjust for change. + (w32_commondir, gnupg_cachedir): Ditto. + +2020-10-06 NIIBE Yutaka <gniibe@fsij.org> + + scd: Add a workaround for Yubikey. + + commit 25bec16d0bdcb9829a7b35c403cbb778b3b0c097 + * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey. + + scd: Silence compiler warning. + + commit 0f4c956a76614bebf0f86bef79eba0e850e23df4 + * scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size. + + scd: Report any error for LEARN command. + + commit 7c8823bf82daade7417aeaebc34fefe3aa7c1856 + * scd/app-openpgp.c (do_learn_status): Report any error. + + scd: Internal CCID driver: More fix for SPR532. + + commit 1f1b68eef72bed9bb7ac1eb8102f6f51d587dbc0 + * scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb. + + scd: Internal CCID driver fix. + + commit 33a2d4bd7ffc6ad10d7ddb0f29fe4e21609806f7 + * scd/ccid-driver.c (intr_cb): More useful debug output. + (ccid_slot_status): Remove redundant condition. + + scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr. + + commit 48565e7a08d64e3628da8baa80541841af0a6166 + * scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint. + (ccid_vendor_specific_init): Don't call libusb_clear_halt. + + scd: Internal CCID driver: Fix a failure path. 
+ + commit 30693dfb6fe970dba195bf00a77d854e6fbc1ed0 + * scd/ccid-driver.c (ccid_open_usb_reader): On error, call + libusb_release_interface. + + scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr. + + commit 498cd38019b8122824d69fd194675ab532501423 + * scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT. + + scd: Change handling of SPR532 card reader. + + commit 7db836c0e9223a4d5f30636e35e18156a97e6b91 + * scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround + for SPR532 initialization. + (ccid_slot_status): Send ESCape command after GetSlotStatus. + + scd: For SPR532, submit the ESCape command at initialization. + + commit 11d8d1e0505645f7d14bcc1c01d17a566e033705 + * scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC + command for VENDOR_SCM. + (ccid_transceive_secure): Don't submit the ESC command every time. + + scd: Fix CCID internal driver for interrupt transfer. + + commit dd7cc24d5f9274579f0966de3be7ae8b0c19bacd + * scd/ccid-driver.c (intr_cb): Handle the case of multiple messages. + + scd: Better handling of timeout and time extension. + + commit 186d11896ca2751eac8a7f54845ec71cc7f6fcc3 + * scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove. + (ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically + determined value. Use value from variable wait_more for bulk_in. + Set wait_more by the value of time extension request. + + scd: Fix internal CCID driver, so that -DTEST works. + + commit 60af035c22b9fbdc10c8c0a69399c46908801c66 + * scd/ccid-driver.c: Support a test program by ccid-driver. + + scd: ccid-driver: Initial getting ATR more robustly. + + commit 165312dca90a198ebc0be4ed6b0791297c90b085 + * scd/ccid-driver.c (send_power_off): New. + (do_close_reader): Use send_power_off. + (ccid_get_atr): Add error recovery. + + scd: Clean up the structure for future fix of PC/SC. + + commit 1efc01ff987dde4adf6777d4df44b5a00f6f0d8d + * scd/apdu.c (struct dev_list): Rename from ccid_table, with void*. 
+ (open_ccid_reader): Follow the change. + (apdu_dev_list_start, apdu_dev_list_finish): Likewise. + (apdu_open_reader): Likewise. + * scd/ccid-driver.c (ccid_dev_scan): Use void *. + (ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise. + * scd/ccid-driver.h: Change the APIs. + +2020-10-06 Werner Koch <wk@gnupg.org> + + scd: Map some error codes from libusb to ccid-driver error codes. + + commit 5b985b026418213a4c75291cb041ca8aa798cec3 + * scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes. + * scd/apdu.h: New SW_HOST error codes. + * scd/apdu.c (host_sw_string): Print them + * scd/ccid-driver.c (map_libusb_error): New. + (ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes. + * scd/iso7816.c (map_sw): Map new codes to gpg-error. + +2020-10-06 NIIBE Yutaka <gniibe@fsij.org> + + scd: internal driver: Submit SET_INTERFACE control transfer. + + commit cccdca61a841228475da573aab8b57c659a9631a + * scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE + control transfer. + + scd: Internal CCID driver: Clean up backport from master. + + commit 7b531fe5801b0ad47414c4a6ed961665ba5a2541 + * scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note + that this is anyway an impossible case. + +2020-10-05 Werner Koch <wk@gnupg.org> + + dirmngr: Minor cleanup for better readability. + + commit ffbef54d36d4c2c150b63a57c79872d2e1f2a68e + * dirmngr/ldap.c (start_default_fetch_ldap): Rename to + start_cacert_fetch_ldap and remove arg attr. Instead use + "cACertificate" directly. + * dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller. + (start_cert_fetch_ldap): Rename arg for clarity. + +2020-10-04 Werner Koch <wk@gnupg.org> + + build: Fix SENDMAIL define for a PATH with spaces. + + commit 77e416741abb0a871733bd46cbc81329859de96e + * configure.ac: Fix use of $PATH + +2020-10-02 Werner Koch <wk@gnupg.org> + + gpgconf,w32: Add manifest so we get the correct windows version. 
+ + commit 239e60a37f63d3880d1107b6981a964f437761ae + * common/w32info-rc.h.in: Update copyright info. + * tools/gpg-connect-agent-w32info.rc: Tweak file info. + * tools/gpgconf-w32info.rc: New. + * tools/gpgconf.w32-manifest.in: New. + * configure.ac: Add new .in file. + * tools/Makefile.am (EXTRA_DIST): Add them. + (gpg_connect_agent_robjs, gpgconf_robjs): New. + (gpgconf_LDADD): Add resource file. + (gpg_connect_agent_LDADD): Change name of resource macro. + + gpgconf: New option --show-versions. + + commit a298ba02ee76a9291ef5cec1a3564d8e254b9ca7 + * tools/gpgconf.c: Include exechelp.h. New option --show-versions. + (get_revision_from_blurb): New. + (show_version_gnupg): New. + (show_version_libgcrypt): New. + (show_version_gpgrt): New. + (show_versions_via_dirmngr): New. + (show_versions): New. + * dirmngr/dirmngr.c (main): New internal option --gpgconf-versions. + (get_revision_from_blurb): New. + (gpgconf_versions): New. + +2020-10-01 Andre Heinecke <aheinecke@gnupg.org> + + doc: Remove enable-extended-key-format in vsnfd. + + commit d833030f8cf646b5de83d01fc3e412ad77ec4b1c + * doc/examples/vsnfd.prf: Remove enable-extended-key-format + +2020-09-22 Werner Koch <wk@gnupg.org> + + kbx: Add bounds check to detect corrupt keyboxes. + + commit be8b30f8ebf637a7e476ff8902349a56924bf20f + * kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes. Add support + for 32 byte fingerprints. + +2020-09-16 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix the use case of verify_chv2 by CHECKPIN. + + commit 61aea64b3c1717a7e304c82cda92e08ce5a6c533 + * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1 + when needed. + +2020-09-10 Werner Koch <wk@gnupg.org> + + gpg-connect-agent: Catch signals so that SIGPIPE is ignored. + + commit a084924d07be16dbbbf4b34d463c67c8d4c117be + * dirmngr/server.c (cmd_killdirmngr): Return 0. + * tools/gpg-connect-agent.c (main): Catch signals. + + dirmngr: Fix the pool keyserver case for a single host in the pool. 
+ + commit 72e04b03b1a7aee5521156c6d549ca10a81ac529 + * dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for + localhost and if there is no pool. + + dirmngr: Align the gnutls use of CAs with the ntbtls code. + + commit e4f3b74c91063d83395ba0bc37f67cb22d47ca8f + * dirmngr/http.c (http_session_new) <gnutls>: Use only the special + pool certificate for the default keyserver. + + agent: Keep some permissions of private-keys-v1.d. + + commit 7de9ed521e516879a72ec6ff6400aed4bdce5920 + * common/sysutils.c (modestr_to_mode): Re-implement. + (gnupg_chmod): Support keeping of permissions. + +2020-09-04 Werner Koch <wk@gnupg.org> + + gpg: Initialize a parameter to silence valgrind. + + commit 6ce8fdc4b2a05bb2c1cf2aa9faa76f1c7a4fdb28 + * g10/keygen.c (read_parameter_file): Initialize nline. + * g10/textfilter.c (copy_clearsig_text): Initialize bufsize. + +2020-09-03 Werner Koch <wk@gnupg.org> + + Release 2.2.23. + + commit e234d04c3c91cd4e84cb5790a131bf6a8b6733c4 + + + gpg: Fix AEAD preference list overflow. + + commit aeb8272ca8aad403a4baac33b8d5673719cfd8f0 + * g10/getkey.c (fixup_uidnode): Increase size of prefs array. + +2020-09-02 Werner Koch <wk@gnupg.org> + + gpg: Fix segv importing certain keys. + + commit 896c528ba0555443cca81b3f091f761e70c698cd + * g10/key-check.c (key_check_all_keysigs): Initialize issuer. + +2020-09-01 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix a regression for OpenPGP card. + + commit 0a9665187a7cbf68933b7162fb5f974177684a50 + * scd/app-openpgp.c (verify_chv2): Make sure loading keys. + +2020-08-28 Werner Koch <wk@gnupg.org> + + sm: Fix a bug in the rfc2253 parser. + + commit d2fe2ffd753706d07b26fbe22b17a561a2e535fc + * sm/certdump.c (parse_dn_part): Fix parser flaw. + +2020-08-27 Werner Koch <wk@gnupg.org> + + Release 2.2.22. + + commit f9c120a29986e82d1179b38167ef2696dd0cc10a + + + dirmngr: Print the last alert message returned by NTBTLS. 
+ + commit 45499b2ca3e8f3466e725dbc381757c89a7c39bf + * dirmngr/http.c (send_request): Print the last TLS alert. + +2020-08-27 NIIBE Yutaka <gniibe@fsij.org> + + scd: Add condition for VERIFY with 0x82. + + commit d2f1a0a791db3eb03c003365cbcd010bd8066edb + * scd/app-openpgp.c (verify_chv2): Check availability of keys in + question. + +2020-08-26 Werner Koch <wk@gnupg.org> + + build: Silence gcc warning -Wformat-zero-length. + + commit 0be5decc097286e3502b6a12e019d40b8caf27b4 + * configure.ac: Avoid useless gcc warning. We use an empty string + quite often, for example in log_printhex. + +2020-08-26 NIIBE Yutaka <gniibe@fsij.org> + + agent: Allow TERM="". + + commit 4c8d5eb0bdd380c412c5f5fbc2b92fe6bcea825d + * agent/call-pinentry.c (start_pinentry): When TERM is none, + don't send OPTION ttytype to pinentry. + +2020-08-25 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 00ac538e928076e1879366cdce0e57be41f6c8fb + + +2020-08-25 Werner Koch <wk@gnupg.org> + + gpg: Set default keysize to rsa3072. + + commit 60f08969e13b2bb7f194eff80c3a275d444dc6b7 + * g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change. + (gen_rsa): Set fallback to 3072. + (get_keysize_range): Set default to 3072. + * doc/examples/vsnfd.prf: No more need for default-new-key-algo. + + sm: Do not require a default keyring for --gpgconf-list. + + commit 0847133e4cafa214c8129c245194d97c1e192cd5 + * sm/gpgsm.c (main): No default keyring for gpgconf mode. + + agent: Allow using --gogconf-list even if HOME does not exist. + + commit adea5ba7e75261705ba6e9c2456207e9455677f3 + * agent/gpg-agent.c (main): Do not create directories in gpgconf mode. + +2020-08-23 Werner Koch <wk@gnupg.org> + + gpg,gpgsm: Record the creation time of a private key. + + commit 5ac0cf1b8198dcaac7e7abaf05c28dd413f38cad + * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option. + (gpgsm_agent_import_key): Ditto. + * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on. + (agent_import_key): Ditto. 
+ * g10/import.c (transfer_secret_keys): Pass the creation date to the + agent. + * g10/keygen.c (common_gen): Ditto. + + agent: Allow to pass a timestamp to genkey and import. + + commit 051830d7b4862b6eca6c18c9fd53b51fa1158c34 + * agent/command.c (cmd_genkey): Add option --timestamp. + (cmd_import_key): Ditto. + * agent/genkey.c (store_key): Add arg timestamp and change callers. + (agent_genkey): Ditto. + * agent/findkey.c (write_extended_private_key): Add args timestamp and + newkey to write a Created line. + (agent_write_private_key): Add arg timestamp. + (agent_write_shadow_key): Ditto. + * agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg. + +2020-08-22 Werner Koch <wk@gnupg.org> + + agent: Default to extended key format. + + commit 5b927b7b27bddc8ee70176414690d8ca8d879b54 + * agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New. + (opts): Make --enable-extended-key-format a dummy option. Add + disable-extended-key-format. + (parse_rereadable_options): Implement oDisableExtendedKeyFormat. + * agent/protect.c (agent_protect): Be safe and set use_ocb either to + to 1 or 0. + + gpgtar,w32: Handle Unicode file names. + + commit 843890663b6c68b4361ccfbeb11a50b02d5cc13f + * tools/gpgtar.c (oUtf8Strings): New. + (opts): Add option --utf8-strings. + (parse_arguments): Set option. + * tools/gpgtar.h (opt): Add field utf8strings. + * tools/gpgtar-create.c (name_to_utf8): New. + (fillup_entry_w32): Use that. + (scan_directory): Ditto. + (scan_directory) [W32]: Convert file name to utf8. + (gpgtar_create): Convert pattern. + + common: Use gpgrt functions for mkdir and chdir if available. + + commit 364cef997c0ac5632152acfb7ab2330c4f289a9a + * common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir. + (gnupg_chdir): Divert to gpgrt_chdir + + common,w32: Do not assume the ANSI codepage during string conversion. + + commit bef68efd8da92115142005d22e9336ff798dcf4b + * common/utf8conv.c (get_w32_codepage): New. + (wchar_to_native): Use instead oc CP_ACP. 
+ (native_to_wchar): Ditto. + + common: Strip trailing CR,LF from w32_strerror. + + commit 73b0fdabdb108880034b7730d04614d8a7cf943a + * common/stringhelp.c (w32_strerror): Strip trailing CR,LF. + * common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the + arg to w32_strerror. + +2020-08-20 Werner Koch <wk@gnupg.org> + + gpgtar: Make --files-from and --null work as described. + + commit 1efe99f3d9e3c6d5733cf512b7e494284a445bfa + * tools/gpgtar-create.c (gpgtar_create): Add args files_from and + null_names. Improve reading from a file. + * tools/gpgtar.c: Make global vars static. + (main): Remove tests for --files-from and --null option combinations. + Pass option variables to gpgtar_create. + + build: New configure option --disable-tests. + + commit 829bc3bc60da134841705f7d701b0870e1629b38 + * configure.ac: Add option --disable-tests. Print warnings in the + summary. + (DISABLE_TESTS): New am_conditional. + + gpg: Fix regression for non-default --passphrase-repeat option. + + commit a4d73b1c8e2a312e78831843aa04364d7d3c8e6f + * agent/command.c (cmd_get_passphrase): Take care of --repeat with + --newsymkey. + +2020-08-13 Werner Koch <wk@gnupg.org> + + gpg: Ignore personal_digest_prefs for ECDSA keys. + + commit f0f8b124f0d2332e1c0b496df5e5f9c4b3db6bc3 + * g10/sign.c (hash_for): Simplify hash algo selection for ECDSA. + +2020-08-12 Werner Koch <wk@gnupg.org> + + common: Pass the WAYLAND_DISPLAY envvar along. + + commit 3cf920a1e353ceec7a3d854d5b509be417e4c801 + * common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY. + +2020-08-04 Werner Koch <wk@gnupg.org> + + sm: Also show the SHA-256 fingerprint. + + commit 9c57de75cf36cfcf408eda1b59a0362a061517ce + * sm/keylist.c (list_cert_colon): Emit a new "fp2" record. + (list_cert_raw): Print the SHA2 fingerprint. + (list_cert_std): Ditto. + +2020-07-30 NIIBE Yutaka <gniibe@fsij.org> + + w32: More adding NETLIBS. 
+ + commit 8d9ce32c30db2bba5736fff5f56b7c145aaec42c + * common/Makefile.am (t_common_ldadd): Add $(NETLIBS). + + w32: Add link to $(NETLIB) for -lws2_32. + + commit f95d923090e119a7a05eef13bbbc108ed98e513a + * dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS). + * sm/Makefile.am (gpgsm_LDADD): Ditto. + * tools/Makefile.am (gpg_wks_client_LDADD): Ditto. + +2020-07-16 Werner Koch <wk@gnupg.org> + + gpg: Do not close stdout after --export-ssh-key. + + commit 970e43130506186c82d528d0a4fe34725e3c8e6b + * g10/export.c (export_ssh_key): Do not close stdout. + +2020-07-15 NIIBE Yutaka <gniibe@fsij.org> + + tools: Use internal regexp routines. + + commit b4cbb5f58a00fa5ac9f1282664c0adb7ecfa9e57 + * tools/gpg-check-pattern.c: Use jimregexp.h. + + regexp: Import change from JimTcl. + + commit 1d1f2aa94370dcb715f6ae02ea5e14eb7ec5fa98 + * regexp/jimregexp.h, regexp/jimregexp.c: Fix from JimTcl. + + regexp: Fix generation of _unicode_mapping.c. + + commit 8904b18822fc2203ed667844cc3885dc459dbfef + * configure.ac (AWK_HEX_NUMBER_OPTION): Detect GNU Awk. + * regexp/Makefile.am: Use AWK_HEX_NUMBER_OPTION. + * regexp/parse-unidata.awk: Don't use strtonum. + + gpg: Add regular expression support. + + commit 199309190a0b9966445bc386747c433949d3b81e + * AUTHORS, COPYING.other: Update. + * Makefile.am (SUBDIRS): Add regexp sub directory. + * configure.ac (DISABLE_REGEX): Remove. + * g10/Makefile.am (needed_libs): Add libregexp.a. + * g10/trustdb.c: Remove DISABLE_REGEX support. + * regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h, + regexp/utf8.c, regexp/utf8.h: New from Jim Tcl. + * regexp/UnicodeData.txt: New from Unicode. + * regexp/Makefile.am, regexp/parse-unidata.awk: New. + * tests/openpgp/Makefile.am: Remove DISABLE_REGEX support. + * tools/Makefile.am: Remove DISABLE_REGEX support. + +2020-07-13 Werner Koch <wk@gnupg.org> + + agent: Fix regression with --newsymkey in loopback mode. 
+ + commit d9ea47f702840c87431df984b9b3f7e60c9ea815 + * agent/command.c (cmd_get_passphrase): Never repeat in loopback mode; + same as with !OPT_NEWSYMKEY. + +2020-07-13 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Handle EAFNOSUPPORT at connect_server. + + commit ce793fc2f838a97cb1e92b3060337b8052f3dc3a + * dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT. + +2020-07-09 Werner Koch <wk@gnupg.org> + + Release 2.2.21. + + commit be6fc39ed9b4ffd56d960e20499599c851c17b44 + + +2020-07-08 Werner Koch <wk@gnupg.org> + + Do not use the pinentry's qualitybar. + + commit b451c4f5ea672c9915e28d8dde30abc675060f06 + * agent/genkey.c (agent_ask_new_passphrase): No qualitybar. + * g10/call-agent.c (agent_get_passphrase): Ditto. + * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto. + + gpg: Use integrated passphrase repeat entry also for -c. + + commit ae8b88c635424ef36f024d0016949d11187dc21e + * g10/call-agent.c (agent_get_passphrase): Add arg newsymkey. + * g10/passphrase.c (passphrase_get): Add arg newsymkey. + (passphrase_to_dek): Pass it on. + + agent: New option --newsymkey for GET_PASSPHRASE. + + commit d9e2dfa4c585de7c261fde13c18bd0f82415d6c3 + * agent/call-pinentry.c (do_getpin): New. + (agent_askpin): Use do_getpin. + (agent_get_passphrase): Add arg pininfo. Use do_getpin. + * agent/genkey.c (check_passphrase_constraints): New arg no_empty. + * agent/command.c (reenter_passphrase_cmp_cb): New. + (cmd_get_passphrase): Add option --newsymkey. + +2020-07-07 Werner Koch <wk@gnupg.org> + + gpg: Fix flaw in symmetric algorithm selection in mixed mode. + + commit 7b6071a45fbf14219b6aca4fff8fa0eaf6c6dd8e + * g10/encrypt.c (setup_symkey): Use default_cipher_algo function + instead of the fallback s2k_cipher_algo. Fix error code. + (encrypt_simple): Use setup_symkey. + +2020-07-03 Werner Koch <wk@gnupg.org> + + sm: Exclude rsaPSS from de-vs compliance mode. + + commit 4a36adaa64311a42eb78d9e52390df489454cafb + * common/compliance.h (PK_ALGO_FLAG_RSAPSS): New. 
+ * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and + test rsaPSS. Adjust all callers. + * common/util.c (pubkey_algo_to_string): New. + (gnupg_pk_is_allowed): Ditto. + * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function. + (gpgsm_get_hash_algo_from_sigval): New. + * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval + arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS. + * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to + also get the algo flags. Pass algo flags along. Change some of the + info output to be more like current master. + +2020-07-02 Werner Koch <wk@gnupg.org> + + dirmngr: Silence annoying warning for missing default ldap server file. + + commit daca1a011b0e4ae888fd6b11253993cb3537990f + * dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent. + (main): Use that arg for the default file. + + dirmngr: Fix case handling of "ldapi" scheme. + + commit 0795ab1c8f95831c15d4ae36d197805a26f8c899 + * dirmngr/ldap-parse-uri.c (ldap_uri_p): s/'i'/'I'. + +2020-06-26 Werner Koch <wk@gnupg.org> + + sm: Print the serial number of a cert also in decimal. + + commit ad6bf5d67f58dcdd76b621e77b81efa7b41ca885 + * sm/certdump.c: Include membuf.h. + (gpgsm_print_serial_decimal): New. + * sm/keylist.c (list_cert_raw): Print s/n also in decimal + (list_cert_std): Ditto. + +2020-06-03 Werner Koch <wk@gnupg.org> + + doc: Minor enhancement for reproducibility. + + commit 5ade2b68db231c78d8ecca0eb21db2153da958d2 + * doc/Makefile.am (defsincdate): In no repo mode and with + SOURCE_DATE_EPOCH set, use that instead of blanking the date. + + common: Add missing error code GPG_ERR_WRONG_NAME. + + commit 381c54179c2adefd558035f573a2029de2e1a2f7 + * configure.ac: Require libgpg-error 1.25. + * common/util.h: Define some extra error codes. + +2020-05-29 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix condition for C5 data object for newer Yubikey. 
+ + commit e285b1197b93e5114679b2ece9f10743abc715ef + * scd/app-openpgp.c (compare_fingerprint): Relax the condition. + +2020-05-21 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: dns: Fix allocation of string buffer in stack. + + commit ab724d3206c8d3500ab2d982c98bad93ee550e42 + * dirmngr/dns.h (dns_strsection, dns_strclass) + (dns_strtype): Change APIs. + * dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection. + (dns_rr_print): Use __dst for dns_strclass and dns_strtype. + (dns_trace_dump): Likewise. + (dns_ai_print): Use __dst for dns_strtype. + (dns_strsection): Add an argument __dst for storage. + (dns_strclass, dns_strtype): Likewise. + (parse_packet): Use __dst for dns_strsection. + (send_query): Use __dst for dns_strtype. + (isection): Use __dst for dns_strsection. + (iclass): Use __dst for dns_strclass. + (itype): Use __dst for dns_strtype. + +2020-05-12 Werner Koch <wk@gnupg.org> + + common: Change argument order of log_printhex. + + commit c6324ee07a9ff2a626d6dfcc094a67b62628d42e + * common/logging.c (log_printhex): Chnage order of args. Make it + printf alike. Change all callers. + * configure.ac: Add -Wno-format-zero-length + +2020-04-16 Werner Koch <wk@gnupg.org> + + sm: Always allow authorityInfoAccess lookup if CRLs are also enabled. + + commit aec7d136e4bdfd53709dc04e3e92f4c50135d368 + * sm/certchain.c (find_up): Disable external lookups in offline mode. + Always allow AKI lookup if CRLs are also enabled. + + sm: Lookup missing issuers first using authorityInfoAccess. + + commit d57209553da7da85a369cd362aabeaef07e0bc26 + * sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and + adjust all callers. + * sm/certchain.c (oidstr_caIssuers): New. + (struct find_up_store_certs_s): Add additional fields. + (find_up_store_certs_cb): Store the fingerprint. + (find_up_via_auth_info_access): New. + (find_up): Try the AIA URI first. 
+ + dirmngr: Allow http URLs with "LOOKUP --url" + + commit 3b27c26241ee25cf75555e11d9bb463faac8237d + * dirmngr/crlfetch.c (read_cert_via_http): New. + (fetch_cert_by_url): Implement http scheme. + + gpg: Add missing options --no-include-key-block. + + commit 7dbfd92b3e231cfe111c8832ff1048305c8d2d92 + * g10/gpg.c (opts): Add it. + + gpg: Make AEAD modes subject to compliance checks. + + commit 37b116db20080f6e1c6ca1dec79014fecf2c3248 + * g10/decrypt-data.c (decrypt_data): Move aead algo detection up. + + gpg: Show AEAD preferences. + + commit ab7a0b07024c432233e691b5e4be7e32baf8d80f + * g10/packet.h (preftype_t): Add PREFTYPE_AEAD. + * g10/keyedit.c (show_prefs): Print AEAD preferences. + * g10/getkey.c (fixup_uidnode): Set AEAD flags. + (merge_selfsigs): Ditto. + + gpg: Support decryption of the new AEAD packet. + + commit 1dfe71c62b184c84723c5f926f2596f46ee967cf + * common/openpgpdefs.h (aead_algo_t): New. + (pkttype_t): Add PKT_ENCRYPTED_AEAD. + * g10/decrypt-data.c (struct decode_filter_context_s): Add fields for + AEAD. + (aead_set_nonce_and_ad): New. + (aead_checktag): New. + (decrypt_data): Support AEAD. + (aead_underflow): New. + (aead_decode_filter): New. + * g10/dek.h (DEK): Add field use_aead. Turn use_mdc, + algo_info_printed, and symmetric into bit flags. + * g10/mainproc.c (struct mainproc_context): Add field + seen_pkt_encrypted_aead. + (release_list): Clear it. + (have_seen_pkt_encrypted_aead): New. + (symkey_decrypt_seskey): Support AEAD. + (proc_symkey_enc): Ditto. + (proc_encrypted): Ditto. + (proc_plaintext): Ditto. + * g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New. + (openpgp_aead_test_algo): New. + (openpgp_aead_algo_name): New. + (openpgp_aead_algo_info): New. + * g10/packet.h (PKT_symkey_enc): Add field use_aead. + (PKT_user_id): Add field flags.aead + (PKT_public_key): Ditto. + (PKT_encrypted): Add fields for AEAD. + * g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD. + (parse_symkeyenc): Support AEAD. + (parse_encrypted): Ditto. 
+ (dump_sig_subpkt): Dump AEAD preference packet. + (parse_encrypted_aead): New. + +2020-04-15 Werner Koch <wk@gnupg.org> + + gpg: Improve symmetric decryption speed by about 25% + + commit 144b95cc9d0f03a2fe5d91120f6b4b30f4bb8f71 + * g10/decrypt-data.c (mdc_decode_filter, decode_filter): Fatcor buffer + filling code out to ... + (fill_buffer): new. + + gpg: Reformat parts of decrypt-data.c. + + commit 2f39e00b6b7d2aa57cd268c579127947042a0fcf + * g10/decrypt-data.c (struct decode_filter_context_s): Rename 'defer' + to 'holdback' and 'defer_filled' to 'holdbacklen'. Increase size of + holdback to allow for future AEAD decryption. Turn 'partial' and + 'eof_seen' into bit fields. + (decrypt_data): Replace write_status_text by write_Status_printf. + Indent parts of the code. + + sm,dirmngr: Restrict allowed parameters used with rsaPSS. + + commit ddc74f50d42370421b4802dc13df88f0ca2fcee5 + * sm/certcheck.c (extract_pss_params): Check the used PSS params. + * dirmngr/crlcache.c (finish_sig_check): Ditto. + * dirmngr/validate.c (check_cert_sig): Ditto. + + sm: Support rsaPSS verification also for CMS signatures. + + commit 24d563749f50f51841b3fd00eb615a871e45bb28 + * sm/certcheck.c (gpgsm_check_cert_sig): Factor PSS parsing out to ... + (extract_pss_params): new. + (gpgsm_check_cms_signature): Implement PSS. + + dirmngr: Support rsaPSS also in the general validate module. + + commit 8bf17eb94d0d85f34477ec0c2c0514000b6aa045 + * dirmngr/validate.c (hash_algo_from_buffer): New. + (uint_from_buffer): New. + (check_cert_sig): Support rsaPSS. + * sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on + error. + + sm,dirmngr: Support rsaPSS signature verification. + + commit 0626cc8fed340deb36f0c10e7a68afc287d0f626 + * sm/certcheck.c (hash_algo_from_buffer): New. + (uint_from_buffer): New. + (gpgsm_check_cert_sig): Handle PSS. + * dirmngr/crlcache.c (hash_algo_from_buffer): New. + (uint_from_buffer): New. + (start_sig_check): Detect PSS and extract hash algo. 
New arg to + return a PSS flag. + (finish_sig_check): New arg use_pss. Extract PSS args and use them. + (crl_parse_insert): Pass use_pss flag along. + + common: New function to map hash algo names. + + commit 4d37cc72b83f601118c2c6c79d9d96c85e250f7e + * common/sexputil.c (hash_algo_to_string): New. + + scd:p15: Return a display S/N via Assuan. + + commit 39e2260d7e05ef2fd6ff94a1bc538cf0d640193c + * scd/app-p15.c (make_pin_prompt): Factor some code out to ... + (get_dispserialno): this. + (do_getattr): Use new fucntion for a $DISPSERIALNO. + + scd:p15: Show a pretty PIN prompt. + + commit beaa2cbb7f039c6ebfcfff483cfe6002a858993d + * scd/app-p15.c (struct prkdf_object_s): New fields common_name and + serial_number. + (release_prkdflist): Free them. + (keygrip_from_prkdf): Parse cert and set them. + (any_control_or_space): New. + (make_pin_prompt): New. + (verify_pin): Construct a pretty PIN prompt. + (do_sign): Remove debug output. + + scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word. + + commit 9e6a3290dad1b19144a2b413902e9918094a2cea + * scd/iso7816.c (map_sw): Detect 0x63Cn status code. + + scd: Factor common PIN status check out. + + commit 9497d25c567d4fb8b6be603b102a149060e7aa56 + * scd/iso7816.h (ISO7816_VERIFY_ERROR): New. + (ISO7816_VERIFY_NO_PIN): New. + (ISO7816_VERIFY_BLOCKED): New. + (ISO7816_VERIFY_NULLPIN): New. + (ISO7816_VERIFY_NOT_NEEDED): New. + * scd/iso7816.c (iso7816_verify_status): New. + * scd/app-nks.c (get_chv_status): Use new function. + + scd:p15: Fix decrypt followed by sign problem for D-Trust cards. + + commit 471b06e91b6ae47e1f71cd7a698763cd9d32ff12 + * scd/iso7816.c (iso7816_select_mf): New. + * scd/app-p15.c (card_product_t): New. + (struct app_local_s): Add field 'card_product'. + (read_ef_tokeninfo): Detect D-Trust card. + (prepare_verify_pin): Switch to D-Trust AID. + (do_decipher): Restore a SE for D-TRust cards. Change the padding + indicator to 0x81. + + * common/percent.c (percent_data_escape): new. Taken from master. 
+ + scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID. + + commit 4148976841d154c94e6d1d4dcc1720908582086b + * scd/app-p15.c (read_ef_tokeninfo): Store manufacturer_id. + (do_getattr): Implement MANUFACTURER, $ENCRKEYID and $SIGNKEYID. + (send_keypairinfo): Also print usage flags. + + gpg: Use the new MANUFACTURER attribute. + + commit 88b456bdf4e4763e8f1b718f5597d4d075d989cd + * g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields. + * g10/call-agent.c (agent_release_card_info): Release them. + (learn_status_cb): Parse MANUFACTURER attribute. + * g10/card-util.c (get_manufacturer): Remove. + (current_card_status): Use new attribute. + + scd:openpgp: New attribute "MANUFACTURER". + + commit 431b3e68e071d2bdc22b2c845ca929182830ddbd + * scd/app-openpgp.c (get_manufacturer): New.. + (do_getattr): Add new attribute "MANUFACTURER". + (do_learn_status): Always print it. + + scd:p15: Rename some variables and functions for clarity. + + commit b0cb2c2ab8c71738167785564698c43b50c15fee + * scd/app-p15.c: Rename keyinfo to prkdf. + + + Backported from master. Removed the do_with_keygrip related parts + because that function is not available. + + scd:p15: Cache the PIN. + + commit 133b6ff8cd0c938abbf55ba6dc50299240d247f6 + * scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified. + (verify_pin): Make use of it. + +2020-04-08 NIIBE Yutaka <gniibe@fsij.org> + + gpg: ECDH: Accept longer padding. + + commit 2f08a4f25df7d1cbf037bdf0d7f5c1ef5859fa1e + * g10/pubkey-enc.c (get_it): Remove check which mandates shorter + padding. + +2020-04-01 Werner Koch <wk@gnupg.org> + + scd:p15: Add missing keygrip retrieval for decryption. + + commit b95a0bfbba75025761aa163eca74c7653d76981a + * scd/app-p15.c (do_decipher): Get the keygrip. + + scd:p15: Support decryption with CardOS 5 cards. + + commit 4af38ea5e450b3eb79af98b9876b2b968110a459 + * scd/app-p15.c (do_decipher): New. + + scd:p15: Factor PIN verification out to a new function. 
+ + commit ce9406ca370b482c05c859d963949ae75c99cb6f + * scd/app-p15.c (do_sign): Factor code out to ... + (prepare_verify_pin, verify_pin): new functions. + + scd:p15: Support signing with CardOS 5 cards. + + commit e730444e7b7502b935bbe343935f68f764b95b96 + * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg + r_pkey and change all callers. + (app_help_get_keygrip_string): Ditto. + * scd/app-p15.c (struct cdf_object_s): Use bit flags + (struct aodf_object_s): Ditto. Add field 'fid'. + (struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and + keynbits. + (parse_certid): Allow a keygrip instead of a certid aka keyref. + (read_ef_aodf): Store the FID. + (keygripstr_from_prkdf): Rename to ... + (keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache. + Change callers to directly use the values from the object. Also store + the algo and length of the key ion the object. + (keyref_from_keyinfo): New. Factored out code. + (do_sign): Support SHA-256 and >2048 bit RSA keys. + common/scd:p15: Support signing with CardOS 5 cards. + * common/util.h (KEYGRIP_LEN): New. + + scd:p15: Read certificates in extended mode. + + commit 368f006a2840cd6b37caf7b4b98a16b818ac2289 + * scd/app-p15.c (readcert_by_cdf): Allow reading in extended mode. + * scd/app-common.h (app_get_slot): New. + + scd: Add function for binary read in extended mode. + + commit 64142caafe5c89ad4db36b47c2dc917a9ac66a8e + * scd/iso7816.c (iso7816_read_binary): Factor code out to ... + (iso7816_read_binary_ext): new function. Add arg extended_mode. + + scd:p15: Detect CardOS 5 cards and print some basic infos. + + commit 60b0aa7e57e787cbeca22adf77b330f753553d87 + * scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly. Silence + the garbage warning for null bytes. + (print_tokeninfo_tokenflags): New. + (read_ef_tokeninfo): Print manufacturer, label, and flags. + (app_select_p15): No need to use the app_get_slot macro. + (CARD_TYPE_CARDOS_50): New const. 
+ (card_atr_list): Detect CardOS 5.0 + +2020-03-30 Werner Koch <wk@gnupg.org> + + wks: Take name of sendmail from configure. + + commit 76d2a02dfe8f923c0d4d8ef86ca71a9ac47c243d + * configure.ac (NAME_OF_SENDMAIL): New ac_define. + * tools/send-mail.c (run_sendmail): Use it. + + agent: Print an error if gpg-protect reads the extended key format. + + commit 011a2f5fb77c7963f25550e423160507818f7a91 + * agent/protect-tool.c (read_key): Detect simple extended key format. + + sm: Fix possible NULL deref in error messages of --gen-key. + + commit 2b4b0b1223aab955aafa2a150fe2dbc04c210bcd + * sm/certreqgen.c: Protect printing the line numbers in case of !R. + +2020-03-27 Werner Koch <wk@gnupg.org> + + sm: Consider certificates w/o CRL DP as valid. + + commit 1424c12e4c7164990797a0a1daa3db6f3329aed4 + * sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP. + * common/audit.c (proc_type_verify): Print "n/a" if a cert has no + distribution point. + * sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check. + * sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New. + (opts): Add option --enable-issuer-based-crl-check. + (main): Set option. + +2020-03-20 Werner Koch <wk@gnupg.org> + + Release 2.2.20. + + commit 5094bb08edd48087a5aa89494fc361f0ce4f34aa + * build-aux/speedo.mk (sign-installer): Fix syntax error. + +2020-03-19 Werner Koch <wk@gnupg.org> + + gpgconf: Take care of --homedir when reading/updating options. + + commit b92860a8b9d253661de0060623e920b3f58e4443 + * tools/gpgconf-comp.c (gc_component_check_options): Take care of + --homedir. + (retrieve_options_from_program): Ditto. + +2020-03-18 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix pinpad handling when KDF enabled. + + commit 133248b297a1d72897f280d8bd21081cd6ebd66c + * scd/app-openpgp.c (do_getattr): Send the KDF DO information. + + scd: Disable pinpad if it's impossible by KDF DO. + + commit b27e20a95cb7af59dcaa6e59aacf52ed766be1f3 + * scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field. 
+ (do_getattr): Set pinpad.disabled field. + (check_pinpad_request): Use the pinpad.disabled field. + (do_setattr): Update pinpad.disabled field. + +2020-03-18 Werner Koch <wk@gnupg.org> + + gpg: Print a hint for --batch mode and --delete-secret-key. + + commit fbe318475236166b54e19d228bf9b24e442e0fa5 + * g10/delkey.c: Include shareddefs.h. + (delete_keys): Print a hint. + + dirmngr: Improve finding OCSP cert. + + commit 25dc0e5b1eb02f79946a86c799c7720001a296bc + * dirmngr/certcache.c (find_cert_bysubject): Add better debug output + and try to locate by keyid. + +2020-03-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: Update --trusted-key to accept fingerprint as well as long key id. + + commit b6d89d1944c55f302fb797cce0e007f59aabaf54 + * g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well + as long key ID. + * doc/gpg.texi: document that --trusted-key can accept a fingerprint. + +2020-03-18 Werner Koch <wk@gnupg.org> + gniibe@fsij.org + + gpg: Fix key expiration and usage for keys created at the Epoch. + + commit e77f332b01f13af606ae0158dabcd644c274e456 + * g10/getkey.c (merge_selfsigs_main): Take a zero key creation time in + account. + +2020-03-14 Werner Koch <wk@gnupg.org> + + gpg: New option --auto-key-import. + + commit 95b42278cafe7520d87168fb993ba715699e6bb6 + * g10/gpg.c (opts): New options --auto-key-import, + --no-auto-key-import, and --no-include-key-block. + (gpgconf_list): Add them. + * g10/options.h (opt): Add field flags.auto_key_import. + * g10/mainproc.c (check_sig_and_print): Use flag to enable that + feature. + * tools/gpgconf-comp.c: Give the new options a Basic config level. + + gpg: Make use of the included key block in a signature. + + commit b42d9f540c7484e45cfc997f77e360d0f0ec4bb9 + * g10/import.c (read_key_from_file): Rename to ... + (read_key_from_file_or_buffer): this and add new parameters. Adjust + callers. + (import_included_key_block): New. + * g10/packet.h (PKT_signature): Add field flags.key_block. 
+ * g10/parse-packet.c (parse_signature): Set that flags. + * g10/sig-check.c (check_signature2): Add parm forced_pk and change + all callers. + * g10/mainproc.c (do_check_sig): Ditto. + (check_sig_and_print): Try the included key block if no key is + available. + + gpg: New option --include-key-block. + + commit d79ebee64ea582da3c3be69cc23e146e2db3738b + * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New. + * g10/gpg.c (oIncludeKeyBlock): New. + (opts): New option --include-key-block. + (main): Implement. + * g10/options.h (opt): New flag include_key_block. + * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK. + (parse_one_sig_subpkt): Ditto. + (can_handle_critical): Ditto. + * g10/sign.c (mk_sig_subpkt_key_block): New. + (write_signature_packets): Call it for data signatures. + + gpg: Add property "fpr" for use by --export-filter. + + commit 2baa00ea186359f758fea5cb61aff99b09fec821 + * g10/export.c (push_export_filters): New. + (pop_export_filters): New. + (export_pubkey_buffer): Add args prefix and prefixlen. Adjust + callers. + * g10/import.c (impex_filter_getval): Add property "fpr". + * g10/main.h (struct impex_filter_parm_s): Add field hexfpr. + +2020-02-19 NIIBE Yutaka <gniibe@fsij.org> + + gpg: Fix default-key selection when card is available. + + commit 1cdd9e57f701f0d99d118d32adffe5216a94b0b2 + * g10/getkey.c (get_seckey_default_or_card): Handle the case + when card key is not suitable for requested usage. + +2020-02-19 Nick Piper <nick.piper@cgi.com> + + doc: Correction of typo in documentation of KEY_CONSIDERED. + + commit 60dbe082949b13635f3f31aa03d12aa9f671c941 + (cherry picked from commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f) + +2020-02-15 Werner Koch <wk@gnupg.org> + + gpgsm: Fix import of some CR,LF ternminated certificates. + + commit 38f819bd6d77d068d8626bf7f5b968ff03c263af + * common/ksba-io-support.c (base64_reader_cb): Detect the END tag and + don't just rely on the padding chars. 
This could happen only with + CR+LF termnmated PEM files. Also move the detection into the invalid + character detection branch for a minor parser speedup. + +2020-02-10 Werner Koch <wk@gnupg.org> + + doc: Improve the warning section of the gpg man page. + + commit 146dacd3b13bf5d917978313092c022641305a27 + * doc/gpg.texi: Update return value and warning sections. + + (cherry picked from commit 113a8288b85725f7726bb2952431deea745997d8) + +2020-02-10 Werner Koch <wk@gnupg.org> + Tomáš Mráz + + build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. + + commit 21d9bd8b87a9f793a106095e3838eb71825189d7 + * common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only + here but now without the Norcroft-C. Change all other places where it + gets defined. + * common/iobuf.h (iobuf_debug_mode): Declare unconditionally as + extern. + * common/iobuf.c (iobuf_debug_mode): Define it here. + * agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in + all main modules of all other programs. + + * g10/main.h: Put util.h before the local header files. + +2020-02-10 Werner Koch <wk@gnupg.org> + + gpg: Make really sure that --verify-files always returns an error. + + commit 49151255f3b1decf2e394a58bc0ac412bda2b214 + * g10/verify.c (verify_files): Track the first error code. + + common: Also protect log_inc_errorcount against counter overflow. + + commit 47f514fde6e29137d660c19e6eea0b842d2b03f5 + * common/logging.c (log_inc_errorcount): Also protect against + overflow. + (log_error): Call log_inc_errorcount instead of directly bumping the + counter. + +2020-01-17 Werner Koch <wk@gnupg.org> + + gpgconf,w32: Print a warning for a suspicious homedir. + + commit a265d3997a9120cb607c2d9b843bf9ee9e944378 + * tools/gpgconf.c (list_dirs): Check whether the homedir has been + taken from the registry. + +2020-01-16 NIIBE Yutaka <gniibe@fsij.org> + + gpg: default-key: Simply don't limit by capability. 
+ + commit a7840777e4277039482ce3ea3e6fc919526be2f1 + * g10/getkey.c (parse_def_secret_key): Remove the check. + +2019-12-23 Werner Koch <wk@gnupg.org> + + gpg: Fix output of --with-secret if a pattern is given. + + commit def1ceccf05baf187b9313e6e37171709ab44225 + * g10/keylist.c (list_one): Probe for a secret key in --with-secret + mode. + +2019-12-19 Andre Heinecke <aheinecke@gnupg.org> + + speedo: Make signing optional for w32-release. + + commit a56c591f9063d895544d681e25bda2ffb22f7ca0 + * build-aux/speedo.mk (AUTHENTICODE_sign): Check if + certificates are available. + + speedo: Use multithreaded xz for w32 source. + + commit 28403cb5fe4eea2ac1ad514fdfcfa282e795c69f + * build-aux/speedo.mk (dist-source): Add -T0 parameter to xz. + + speedo: Improve and document wixlib build. + + commit 4d9b262584fb15e7965d579fad9a149e26849c18 + * Makefile.am (sign-release): Add handling for wixlib. + * build-aux/speedo.mk: Add help-wixlib and improve handling. + +2019-12-17 Andre Heinecke <aheinecke@intevation.de> + + speedo, w32: Add w32-wixlib target for MSI package. + + commit c461de93f44efaa6a1d9669eb9d4033943368431 + * Makefile.am (EXTRA_DIST): Add wixlib.wxs + * build-aux/speedo.mk (w32-wixlib): New target. + (w32-release): Build wixlib if WIXPREFIX is set. + (help): Add documentation. + * build-aux/speedo/w32/wixlib.wxs + +2019-12-07 Werner Koch <wk@gnupg.org> + + Release 2.2.19. + + commit 1c841c8389fb9640762822395b988e0d1584c9ae + + + po: Make g10/call-dirmngr.c translatable. + + commit 03983711b3376a5dff518a99adf5fb3a5bd8be4a + * po/POTFILES.in: Add g10/call-dirmngr.c + * g10/call-dirmngr.c (create_context): Change an i18n sting for easier + reuse. + + dirmngr: Tell gpg about WKD lookups resulting from a cache. + + commit 438a1ec2978c64ecfe6b5ddaa61f214c2dcae88f + * dirmngr/server.c (proc_wkd_get): Print new NOTE status + "wkd_cached_result". + * g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein + verbose mode. 
+ +2019-12-06 Werner Koch <wk@gnupg.org> + + sm: Add special case for expired intermediate certificates. + + commit 8c167febc0abc00be281a9dc8c2544b8d048a002 + * sm/gpgsm.h (struct server_control_s): Add field 'current_time'. + * sm/certchain.c (find_up_search_by_keyid): Detect a corner case. + Also simplify by using ref-ed cert objects in place of an anyfound + var. + +2019-12-04 Werner Koch <wk@gnupg.org> + + gpg: Use AKL for angle bracketed mail address with -r. + + commit 78bb81e9deeca264f6a516630496470341e78fa9 + * g10/getkey.c (get_pubkey_byname): Extend is_mbox checking. + (get_best_pubkey_byname): Ditto. + +2019-11-29 Werner Koch <wk@gnupg.org> + + gpg: Fix double free with anonymous recipients. + + commit 9ac182f376abf910a7b737b0e1ebd447eaa582f1 + * g10/pubkey-enc.c (get_session_key): Do not release SK. + +2019-11-25 Werner Koch <wk@gnupg.org> + + Release 2.2.18. + + commit 82b9e1bdbdd756290b8873b3e244dcc8d1f840fb + + + tests: Adjust for now invalid SHA-1 key signatures. + + commit 8e49fc7f43ecfe44dac57d97c555e2cbc7eb8e9a + * tests/openpgp/defs.scm (create-gpghome): Add + allow-weak-key-signatures. + + agent: Improve --debug-pinentry diagnostics. + + commit 96c4943a5bd070772d8be7bb7db8548840af5f8f + * agent/call-pinentry.c (atfork_cb): Factor code out to ... + (atfork_core): new. + +2019-11-23 Werner Koch <wk@gnupg.org> + + wkd: Let --install-key write a template policy file. + + commit 6e893061b54ddd38e83531f5513e3168d0002e41 + * tools/wks-util.c (ensure_policy_file): New. + (wks_cmd_install_key): Call it. + +2019-11-18 Werner Koch <wk@gnupg.org> + + dirmngr,gpg: Better diagnostic in case of bad TLS certificates. + + commit 3efc94f1eb17eb5c5950c2fab9f701518352ae19 + * doc/DETAILS: Specify new status code "NOTE". + * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a + bad TLS certificate. + * g10/call-dirmngr.c (ks_status_cb): Detect this status. + + dirmngr: Forward http redirect warnings to gpg. 
+ + commit 4dd50991252409eb2023ab8ad11f36a050f421af + * dirmngr/http.c: Include dirmngr-status.h + (http_prepare_redirect): Emit WARNING status lines for redirection + problems. + * dirmngr/http.h: Include fwddecl.h. + (struct http_redir_info_s): Add field ctrl. + * dirmngr/ks-engine-hkp.c (send_request): Set it. + * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. + * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. + + dirmngr: Factor some prototypes out to dirmngr-status.h. + + commit 466bdf7c07f4ebfc69d503f85b9423f2f6440682 + * dirmngr/dirmngr-status.h: New. + * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes + to that file. + * dirmngr/t-support.c: New. + * dirmngr/Makefile.am (t_common_src): Add new file. + +2019-11-15 NIIBE Yutaka <gniibe@fsij.org> + + scd,ccid: Add support of GEMPC_EZIO. + + commit 9b41f58c8a549055fa6bf7e21e2931b86f4da776 + * scd/ccid-driver.h (GEMPC_EZIO): New. + * scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO. + +2019-11-12 Werner Koch <wk@gnupg.org> + + dirmngr: Use IPv4 or IPv6 interface only if available. + + commit 392e068e9f143d41f6350345619543cbcd47380f + * dirmngr/dns-stuff.c (cached_inet_support): New variable. + (dns_stuff_housekeeping): New. + (check_inet_support): New. + * dirmngr/http.c (connect_server): Use only detected interfaces. + * dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache. + +2019-11-11 Werner Koch <wk@gnupg.org> + + gpg: Forbid the creation of SHA-1 third-party key signatures. + + commit 754a03f5a279964af62025d11d92391e650fddb7 + * g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New. + (do_sign): Add arg signhints and inhibit SHA-1 signatures. Change + callers to pass 0. + (complete_sig): Add arg signhints and pass on. + (make_keysig_packet, update_keysig_packet): Set signhints. + + gpg: Add option --allow-weak-key-signatures. + + commit 3b1fcf65239d9c73cc54760ea52a5749e024fa76 + * g10/gpg.c (oAllowWeakKeySignatures): New. 
+ (opts): Add --allow-weak-key-signatures. + (main): Set it. + * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. + * g10/misc.c (print_sha1_keysig_rejected_note): New. + * g10/sig-check.c (check_signature_over_key_or_uid): Print note and + act on new option. + +2019-11-07 Werner Koch <wk@gnupg.org> + + gpg: Fix a potential loss of key sigs during import with self-sigs-only. + + commit 2975868ede40ce8b8a0d20e7f0e4cd687772f9d0 + * g10/import.c (import_one_real): Don't do the final clean in the + merge case. + +2019-10-15 Werner Koch <wk@gnupg.org> + + gpg: Also delete key-binding signature when deleting a subkey. + + commit d8052db74a0d2e6a55cf104e0ecb1868936bd09c + * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion. + +2019-10-15 NIIBE Yutaka <gniibe@fsij.org> + + Revert "gpg: The first key should be in candidates." + + commit 2906636b929f08fdf342560834d920e8e8153458 + This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578. + +2019-10-15 Werner Koch <wk@gnupg.org> + + gpg: Extend --quick-gen-key for creating keys from a card. + + commit 652ca4b2bf985546baa70754f66eab3840cf2820 + * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and + support the special algo "card". + (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP. + Handle the "card" algo. Adjust callers. + (parse_algo_usage_expire): Add arg R_KEYGRIP. + (quickgen_set_para): Add arg KEYGRIP and put it into the parameter + list. + (quick_generate_keypair): Handle algo "card". + (generate_keypair): Also handle the keygrips as returned by + parse_key_parameter_string. + (ask_algo): Support ed25519 from a card. + +2019-10-15 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit fe02709ffd3c41fe84b90cda96edd12e6b836741 + + + gpg: The first key should be in candidates. 
+ + commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578 + * g10/getkey.c (get_best_pubkey_byname): Handle the first key + as the initial candidate for the selection. + + gpg: Fix a memory leak in get_best_pubkey_byname. + + commit 2924ac374eb8cbf87ed6c9fbbb72c0b8d1d37fa3 + * g10/getkey.c (get_best_pubkey_byname): Free the public key parts. + +2019-10-03 Werner Koch <wk@gnupg.org> + + gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures. + + commit edc36f59fcfcb4b896a53530345d586f7e5df560 + * g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain + SHA-1 based signatures. + +2019-09-06 Werner Koch <wk@gnupg.org> + + gpg: Make --quiet work on --send-keys. + + commit de57b5bf91d64f8843a68d1950bd12aecc82f8c1 + * g10/keyserver.c (keyserver_put): Act upon --quiet. + +2019-08-23 Werner Koch <wk@gnupg.org> + + gpg: Implement keybox compression run. + + commit b5f7ac6c368a07b3d35191bf56fdf58145c4e44b + * kbx/keybox-init.c (keybox_lock): Add arg TIMEOUT and change all + callers to pass -1. + * g10/keydb.c (keydb_add_resource): Call keybox_compress. + + kbx: Include deleted records into the --stats output. + + commit 34f55c5e348d4bf9894c24988e6856b411ba05de + * kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in + account. + + kbx: Allow "gpgsm --faked-system-time" to kick off a compression run. + + commit e854580fa562c423f3d977318b515fb4d186f99a + * kbx/keybox-update.c (keybox_compress): Use make_timestamp. + + gpg: Allow --locate-external-key even with --no-auto-key-locate. + + commit df6cff8233aa281d150861a26cd262a8a15c73e7 + * g10/getkey.c (akl_empty_or_only_local): New. + * g10/gpg.c (DEFAULT_AKL_LIST): New. + (main): Use it here. + (main) <aLocateExtKeys>: Set default AKL if none is set. + + gpg: Silence some warning messages during -Kv. + + commit 589f1187137cb14da1d16be1fdaf8f1ac2c2d436 + * g10/options.h (glo_ctrl): Add flag silence_parse_warnings. + * g10/keylist.c (list_all): Set that during secret key listsings. 
+ * g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do + not print info message normally emitted inh verbose mode. + (can_handle_critical_notation, enum_sig_subpkt): Ditto. + (parse_signature, parse_key, parse_attribute_subpkts): Ditto. + + gpg: Do not show an informational diagnostics with quiet. + + commit 215858aba342e6f2b9a7c93f579638279af3a561 + * g10/trustdb.c (verify_own_keys): Silence informational diagnostic. + + gpgconf: Suggest the use of --gpgconf-test on --launch problems. + + commit 7c386c5fb5aebbbb36daf61c25d20e6888123994 + * tools/gpgconf-comp.c (gc_component_launch): Change suggestion. + +2019-08-21 Werner Koch <wk@gnupg.org> + + scd:nks: Extend keypairinfo with usage flags. + + commit 0a9053eff0406c6799ee201013194200c0ed3487 + * scd/app-nks.c (do_learn_status_core): Return usage. + + scd:openpgp: Extend keypairinfo with usage flags. + + commit 6f67abcc0339b42a181285b3416959c39a2d7808 + * scd/app-openpgp.c (send_keypair_info): Return usage. + + sm: Show the usage flags when generating a key from a card. + + commit a8aacaf2042a72760e6eaf35e65bfd6d42e642f0 + * g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage + flags. + * sm/call-agent.c (scd_keypairinfo_status_cb): Ditto. + * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags. + + (cherry picked from commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7) + + gpg: Allow decryption using non-OpenPGP cards. + + commit 9a317557c58d2bdcc504b70c366b77f4cac71df7 + * g10/call-agent.c (struct getattr_one_parm_s): New. + (getattr_one_status_cb): New. + (agent_scd_getattr_one): New. + * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from + pkcs#1. + * g10/getkey.c (enum_secret_keys): Move to... + * g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards. + + scd: New standard attributes $ENCRKEYID and $SIGNKEYID. + + commit 23784f8bf0ac6d6c52cb2de2f99f46017a92c11a + * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo. 
+ * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto. + * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and + "$SIGNKEYID". + * scd/app-nks.c (do_getattr): Add attributes too. + + gpg: Allow direct key generation from card with --full-gen-key. + + commit fbed618a3699bea131ce36949387af0fa3cf13f9 + * g10/call-agent.c (agent_scd_readkey): New. + * g10/keygen.c (ask_key_flags): Factor code out to .. + (ask_key_flags_with_mask): new. + (ask_algo): New mode 14. + + common: Extend function pubkey_algo_string. + + commit 0353cb0a5edeef07330da1688b7801c073959185 + * common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID. + * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust. + + (cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8) + + Removed the changes in gpg-card which is not part of 2.2 + + gpg: New option --use-only-openpgp-card. + + commit c185f6dfbd1bfd809369da789239a371e9d1610e + * g10/gpg.c (opts): Add option. + (main): Set flag. + * g10/options.h: Add flags.use_only_openpgp_card. + * g10/call-agent.c (start_agent): Implement option. + + gpg: Prepare card code to allow other than OpenPGP cards. + + commit fe5c8de862885c51d27c2dc9ea237846c5e57e8a + * g10/call-agent.c (start_agent): Use card app auto selection. + * g10/card-util.c (current_card_status): Print the Application type. + (card_status): Put empty line between card listings. + + (cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7) + + gpg: New card function agent_scd_keypairinfo. + + commit 768cb6402f2941781262b9cb0a2aeecc89941f0f + * g10/call-agent.c (scd_keypairinfo_status_cb) + (agent_scd_keypairinfo): New. Taken from gpgsm. + + (cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6) + + gpg: Remove two unused card related functions. + + commit c2f87a936afb7eba288d7e6558c24509cd6ab045 + * g10/call-agent.c (inq_writekey_parms): Remove. + (agent_scd_writekey): Remove. + (agent_clear_pin_cache): Remove this stub. 
+ + (cherry picked from commit 334b16b868e771b983263ed20c200869e7e51198) + + gpg: Repurpose the ISO defined DO "sex" to "salutation". + + commit d410b5f9309607599c9ff45061fd1f02638a9a88 + * g10/card-util.c (current_card_status): String changes. + (change_sex): Description change. + (cmds): Add "salutation"; keep "sex" as an alias. + + gpg: Remove unused arg in a card related function. + + commit c66a2cc8d306e7d9d0b4450311f230f182762f93 + * g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno. + + (cherry picked from commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e) + +2019-08-12 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix line break handling, finding a space. + + commit 6e6078c8d0d4a2947e2a34f1367e4472f6ae483b + * common/name-value.c (assert_raw_value): Correctly find a space. + + sm: Support AES-256 key. + + commit a9816d5fb13edb30c5d12cf85ae3e1a114fcc2c1 + * sm/decrypt.c (prepare_decryption): Handle a case for AES-256. + + sm: Fix error checking of decryption result. + + commit ccf5cc8b0b6cee562f7d5598149abcde17440ed4 + * sm/call-agent.c (gpgsm_agent_pkdecrypt): Fix condition. + +2019-08-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators. + + commit 64500e7f6dd63c793734e52e270b1ea23cfd1928 + * g10/call-agent.c (agent_pkdecrypt): accept but do not require + NUL-terminated data from the agent. + * sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require + NUL-terminated data from the agent. + +2019-08-12 NIIBE Yutaka <gniibe@fsij.org> + + scd: Handle CCID bwi of time extension. + + commit 879660bf4581d902cc1d1244091873c6c0225fa2 + * scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier + value as defined section 6.2.6 in CCID specification. + + scd: Fix bBWI value. + + commit f8961a576d3b5d69bb0e600a64553659ebef8ee7 + * scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU + level transfer. 
+ (ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU + level transfer. + + card: Fix showing KDF object attribute. + + commit 8e01676981206c209c0bfcb92633d9d2f06a2d90 + * g10/call-agent.c (learn_status_cb): Parse the KDF DO. + * g10/card-util.c (current_card_status): Show it correctly. + +2019-07-22 NIIBE Yutaka <gniibe@fsij.org> + + gpg: The option --passphrase= can be empty. + + commit b21133ba80f21ce93d5a4afe48027172d9fc1999 + * g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow + empty string. + +2019-07-16 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Don't add system CAs for SKS HKPS pool. + + commit 58e234fbeb6cc5908b69a73e50428f02e584e504 + * dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear + add_system_cas. + + gpg: Improve import slowness. + + commit eb00a14f6d2de7c53487f39494c5cb9c0598fc96 + * g10/import.c (read_block): Avoid O(N^2) append. + (sec_to_pub_keyblock): Likewise. + + gpg: Fix keyring retrieval. + + commit b7df72d3074b72cf8b537ac87416b6b719c1b1b7 + * g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append. + +2019-07-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + doc: fix spelling. + + commit d10bb027e481b518e4bf13ba72d14933d6cbb8cb + * doc/tools.texi: fix a handful of minor spelling errors. + +2019-07-09 Werner Koch <wk@gnupg.org> + + Release 2.2.17. + + commit 591523ec94b6279b8b39a01501d78cf980de8722 + + +2019-07-09 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit ad0c61972a413987d2cc8ac8deb6a646b954ae05 + + +2019-07-09 Werner Koch <wk@gnupg.org> + + gpg: Do not try the import fallback if the options are already used. + + commit 3c2cf5ea952015a441ee5701c41dadc63be60d87 + * g10/import.c (import_one): Check options. + + gpg: Fix regression in option "self-sigs-only". + + commit b6effaf4669b2c3707932e3c5f2f57df886d759e + * g10/import.c (read_block): Make sure KEYID is availabale also on a + pending packet. 
+ +2019-07-05 Werner Koch <wk@gnupg.org> + + gpg: With --auto-key-retrieve prefer WKD over keyservers. + + commit 3242837d203a7b90b92952e63ee160a5a41764c0 + * g10/mainproc.c (check_sig_and_print): Print a hint on how to make + use of the preferred keyserver. Remove keyserver lookup just by the + keyid. Try a WKD lookup before a keyserver lookup. + + wkd: Change client/server limit back to 64 KiB. + + commit 6396f8d115f21ae15571b683e9ac9d1d7e3f44f4 + * tools/wks-receive.c (decrypt_data): Change limit. + +2019-07-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + dirmngr: fix handling of HTTPS redirections during HKP. + + commit efb6e08ea2ca1cf2d39135d94195802cd69b9ea6 + * dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when + following a HTTP redirection. + +2019-07-04 Werner Koch <wk@gnupg.org> + + gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. + + commit 2b7151b0a57f5fe7d67fd76dfa1ba7a8731642c6 + * g10/gpg.c (main): Change default. + + gpg: Avoid printing false AKL error message. + + commit 4cbd058a3da9aae74aadab7f260952b9ebb5becf + * g10/getkey.c (get_pubkey_byname): Add special traeatment for default + and skipped-local. + + gpg: New command --locate-external-key. + + commit 46f3283b345e1cabca4b0320cf98274ade8ec162 + * g10/gpg.c (aLocateExtKeys): New. + (opts): Add --locate-external-keys. + (main): Implement that. + * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. + (get_best_pubkey_byname): Add arg 'mode' and pass on to + get_pubkey_byname. Change callers. + * g10/keylist.c (public_key_list): Add arg 'no_local'. + (locate_one): Ditto. Pass on to get_best_pubkey_byname. + + gpg: Make the get_pubkey_byname interface easier to understand. + + commit 11871433436b5b9b9aca46579dd185a9a77674cd + * g10/keydb.h (enum get_pubkey_modes): New. + * g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and + change all callers. 
+ +2019-07-03 Werner Koch <wk@gnupg.org> + + dirmngr: Avoid endless loop in case of HTTP error 503. + + commit d2e8d71251813e61b15a07637497fabe823b822c + * dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New. + (handle_send_request_error): Use it for 503 and 504. + (ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for + extra_tries. + + dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain. + + commit c9b133a54e93b7f2365b5d6b1c39ec2cc6dac8f9 + * dirmngr/http.c (same_host_p): Consider certain subdomains to be the + same. + +2019-07-03 Peter Lebbing <peter@digitalbrains.com> + + Mention --sender in documentation. + + commit 37b549dfe0acd362399debd7c93794eb75937402 + + +2019-07-03 Werner Koch <wk@gnupg.org> + + dirmngr: Support the new WKD draft with the openpgpkey subdomain. + + commit 458973f502b9a43ecf29e804a2c0c86e78f5927a + * dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain + method. + +2019-07-02 Werner Koch <wk@gnupg.org> + + gpg: Fallback to import with self-sigs-only on too large keyblocks. + + commit a1f2f38dfb2ba5ed66d3aef66fc3be9b67f9b800 + * g10/import.c (import_one): Rename to ... + (import_one_real): this. Do not print and update stats on keyring + write errors. + (import_one): New. Add fallback code. + +2019-07-01 Werner Koch <wk@gnupg.org> + + gpg: New import and keyserver option "self-sigs-only" + + commit adb120e663fc5e78f714976c6e42ae233c1990b0 + * g10/options.h (IMPORT_SELF_SIGS_ONLY): New. + * g10/import.c (parse_import_options): Add option "self-sigs-only". + (read_block): Handle that option. + + gpg: Make read_block in import.c more flexible. + + commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0 + * g10/import.c: Change arg 'with_meta' to 'options'. Change callers. + +2019-07-01 NIIBE Yutaka <gniibe@fsij.org> + + tools: gpgconf: Killing order is children-first. + + commit 526714806da4e50c8e683b25d76460916d58ff41 + * tools/gpgconf-comp.c (gc_component_kill): Reverse the order. 
+ +2019-06-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + spelling: Fix "synchronize" + + commit 520f5d70e4128b61c30da2a463f6c34ca24b628e + + +2019-06-03 Werner Koch <wk@gnupg.org> + + Return better error code for some getinfo IPC commands. + + commit f3251023750d6bd9023dbb8373c804d7d4540a56 + * agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False. + * g13/server.c (cmd_getinfo): Ditto. + * sm/server.c (cmd_getinfo): Ditto. + +2019-05-29 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + doc/wks.texi: fix typo. + + commit 175d194b5d6063895ecfcfed6ed2154e4a0d1421 + + +2019-05-28 Werner Koch <wk@gnupg.org> + + Release GnuPG 2.2.16. + + commit 3f2b7a53ddc43b3a349451d28691aaaa116786dc + + + dirmngr: Allow for other hash algorithms than SHA-1 in OCSP. + + commit 5281ecbe3ae8364407d9831243b81d664b040805 + * dirmngr/ocsp.c (do_ocsp_request): Remove arg md. Add args r_sigval, + r_produced_at, and r_md. Get the hash algo from the signature and + create the context here. + (check_signature): Allow any hash algo. Print a diagnostic if the + signature does not verify. + +2019-05-27 Werner Koch <wk@gnupg.org> + + sm: Avoid confusing diagnostic for the default key. + + commit 32210e855c460ed60505bf9be9adea33d05c40eb + * sm/certlist.c (cert_usage_p): Add arg 'silent' and change all + callers. + (gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p. + Change all callers. + * sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling + gpgsm_cert_use_sign_p + + gpg: Fixed i18n markup of some strings. + + commit ab5d7142a79e92819f5551cfc424a8ceaf0885fa + * g10/tofu.c: Removed some translation markups which either make no + sense or are not possble. + + gpg: Allow deletion of subkeys with --delete-[secret-]key. + + commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a + * common/userids.c (classify_user_id): Do not set the EXACT flag in + the default case. 
+ * g10/export.c (exact_subkey_match_p): Make static, + * g10/delkey.c (do_delete_key): Implement subkey only deleting. + +2019-05-27 NIIBE Yutaka <gniibe@fsij.org> + + agent: Stop scdaemon after reload when disable_scdaemon. + + commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd + * agent/call-scd.c (agent_card_killscd): New. + * agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd. + +2019-05-21 Werner Koch <wk@gnupg.org> + + gpg: Do not bail on an invalid packet in the local keyring. + + commit 30f44957ccd1433846709911798af3da4e437900 + * g10/keydb.c (parse_keyblock_image): Treat invalid packet special. + + gpg: Do not allow creation of user ids larger than our parser allows. + + commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651 + * g10/parse-packet.c: Move max packet lengths constants to ... + * g10/packet.h: ... here. + * g10/build-packet.c (do_user_id): Return an error if too data is too + large. + * g10/keygen.c (write_uid): Return an error for too large data. + +2019-05-21 NIIBE Yutaka <gniibe@fsij.org> + + agent: For SSH key, don't put NUL-byte at the end. + + commit 6e39541f4f488fe59eac399bad18c465f373a784 + * agent/command-ssh.c (ssh_key_to_protected_buffer): Update + the length by the second call of gcry_sexp_sprint. + +2019-05-20 Werner Koch <wk@gnupg.org> + Matheus Afonso Martins Moreira + + gpg: Do not delete any keys if --dry-run is passed. + + commit 5c46c5f74540ad753b925b74593332ca92de47fa + * g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs. + Do not clear the ownertrust. Do not let the agent delete the key. + +2019-05-17 Werner Koch <wk@gnupg.org> + + gpg: Fix using --decrypt along with --use-embedded-filename. + + commit 1702179d91b7136661af084d7dab2e50a2857491 + * g10/options.h (opt): Add flags.dummy_outfile. + * g10/decrypt.c (decrypt_message): Set this global flag instead of the + fucntion local flag. 
+ * g10/plaintext.c (get_output_file): Ignore opt.output if that was + used as a dummy option aslong with --use-embedded-filename. + + gpg: Improve the photo image viewer selection. + + commit cd5f040a5389944dd8a05bc9c938f888581dfc8a + * g10/exec.c (w32_system): Add "!ShellExecute" special. + * g10/photoid.c (get_default_photo_command): Use the new ShellExecute + under Windows and fallbac to 'display' and 'xdg-open' in the Unix + case. + (show_photos): Flush stdout so that the output is shown before the + image pops up. + +2019-05-16 Werner Koch <wk@gnupg.org> + + kbx: Fix an endless loop under Windows due to an incomplete fix. + + commit 0fff927889b075442ed7130f376118c31fda1f32 + * kbx/keybox-search.c (keybox_search): We need to seek to the last + position in all cases not just when doing a NEXT. + + kbx: Fix deadlock in gpgsm on Windows due to a sharing violation. + + commit 6f72aa821407e47ad3963e72e139f2ca2c69d9dd + * kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file + instead of fclose so that a close is done if the file is opened by + another handle. + * kbx/keybox-search.c (keybox_search): Remember the last offset and + use that in NEXT search mode if we had to re-open the file. + + gpgconf: Before --launch check that the config file is fine. + + commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5 + * tools/gpgconf-comp.c (gc_component_launch): Check the conf file. + * tools/gpgconf.c (gpgconf_failure): Call log_flush. + +2019-05-15 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: enable OpenPGP export of cleartext keys with comments. + + commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec + * g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing + sublists in private-key S-expression. + +2019-05-15 Werner Koch <wk@gnupg.org> + + gpgconf: Support --homedir for --launch. + + commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6 + * tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because + gnupg_homedir already returns abd absolute name. 
+ (scdaemon_runtime_change): Ditto. + (dirmngr_runtime_change): Ditto. + (gc_component_launch): Support --homedir. + +2019-05-14 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + agent: correct length for uri and comment on 64-bit big-endian platforms + + commit 110932925ba8e0169da18d7774440f8d1fd8a344 + * agent/findkey.c (agent_public_key_from_file): pass size_t as int to + gcry_sexp_build_array's %b. + +2019-05-14 Werner Koch <wk@gnupg.org> + + gpg: Do not print a hint to use the deprecated --keyserver option. + + commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846 + * g10/keyserver.c (keyserver_search): Remove a specialized error + message. + +2019-05-14 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix possible null dereference. + + commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3 + * g10/armor.c (armor_filter): Access ->d in the internal loop. + + build: Update m4/iconv.m4. + + commit cf73c82e95f999bd35636b0cf4e80ed5c33fa7a8 + * m4/iconv.m4: Update from gettext 0.20.1. + +2019-05-13 Werner Koch <wk@gnupg.org> + + gpg: Change update_keysig_packet to replace SHA-1 by SHA-256. + + commit c1dc7a832921fdf5686d377f33db78707c0345e2 + * g10/sign.c (update_keysig_packet): Convert digest algo when needed. + +2019-05-12 Werner Koch <wk@gnupg.org> + + sm: Fix a warning in an es_fopencooie function. + + commit 8d0d61aca3d2713df8a33444af3658b859d72be8 + * sm/certdump.c (format_name_writer): Take care of a flush request. + +2019-05-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + doc: correct documentation for gpgconf --kill. + + commit be116f871dbf14dd44d3a7909c2a052f8979c480 + * doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill. + + (cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016) + +2019-05-09 Werner Koch <wk@gnupg.org> + + build: Sign all Windows binaries. + + commit e6901c2bc802996c24335bcb35012ccb74b4ced0 + * build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New. + (AUTHENTICODE_TOOL): New. + (AUTHENTICODE_FILES): New. 
+ (installer): Sign listed files. + (AUTHENTICODE_SIGNHOST): New macro. + (sign-installer): Use that macro instead of direct use of osslsigncode. + +2019-05-03 Werner Koch <wk@gnupg.org> + + gpg: Use just the addrspec from the Signer's UID. + + commit 05204b72497db093f5d2da4a2446c0264a946296 + * g10/parse-packet.c (parse_signature): Take only the addrspec from a + Signer's UID subpacket. + +2019-04-23 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese Translation. + + commit caa61fb7da6b858f038dde948d36fce5c0a85ee5 + + +2019-04-18 Andre Heinecke <aheinecke@intevation.de> + + g10: Fix double free when locating by mbox. + + commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1 + * g10/getkey.c (get_best_pubkey_byname): Set new.uid always + to NULL after use. + +2019-04-16 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix AWK portability. + + commit ee766b2b5d646643d66d23eae478f71c0a01a343 + * common/Makefile.am: Use pkg_namespace. + * common/mkstrtable.awk: Use pkg_namespace. Regexp fix. + +2019-04-11 Werner Koch <wk@gnupg.org> + + gpg: Accept also armored data from the WKD. + + commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455 + * g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR. + + gpg: Set a limit of 5 to the number of keys imported from the WKD. + + commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2 + * g10/import.c (import): Limit the number of considered keys to 5. + (import_one): Return the first fingerprint in case of WKD. + +2019-04-02 Werner Koch <wk@gnupg.org> + + scd: Add dummy option --application-priority. + + commit cb2065967465939f82cc585254cae0244ed94eac + + + dirmngr: Improve domaininfo cache update algorithm. + + commit 48e7977709b6a56e8fd8e9f5abb9dba5ea617c33 + * dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark. + (insert_or_update): Implement new update algorithm. + + dirmngr: Better error code for http status 413. + + commit 0a30ce036a615bc95382e0640d185b031f8c6a63 + * dirmngr/ks-engine-hkp.c (send_request): New case for 413. 
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + * dirmngr/ocsp.c (do_ocsp_request): Ditto. + +2019-04-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + NEWS: correct typo in header. + + commit 5b1b5be65f343d252c865d705d23b55982718f2d + + +2019-03-27 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix symmetric cipher algo constant for ECDH. + + commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e + * g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for + ECC strength 384, according to RFC-6637. + +2019-03-27 Trevor Bentley <trevor@yubico.com> + + gpg: Don't use EdDSA algo ID for ECDSA curves. + + commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf + * g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from + an EdDSA curve. + +2019-03-26 Werner Koch <wk@gnupg.org> + + Release 2.2.15. + + commit dc93e57226db32d5b90884dcf768d271baa6628a + + + sm: Allow decryption even if expired other keys are configured. + + commit 30972d21824264aef2088d30b4f2e5ce3aca889e + * sm/gpgsm.c (main): Add special handling for bad keys in decrypt + mode. + + agent: Allow other ssh fingerprint algos in KEYINFO. + + commit 1c2fa8b6d747aa171bfef35a50754893aa80a562 + * agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO. Default to + the standard algo. + +2019-03-25 Werner Koch <wk@gnupg.org> + + wkd: New command --print-wkd-url for gpg-wks-client. + + commit 2f3eebf1865a85f8c09a1c052513260ed55acec6 + * tools/gpg-wks-client.c (aPrintWKDURL): New. + (opts): Add option. + (main): Implement. + * tools/wks-util.c (wks_cmd_print_wkd_url): New. + +2019-03-25 NIIBE Yutaka <gniibe@fsij.org> + + libdns: Don't use _[A-Z] which are reserved names. + + commit a975fd127a5d58bbbb3c585e610a54daeb423af6 + * dirmngr/dns.c: Use the identifiers of "*_instance" instead of + reserved "_[A-Z]". + +2019-03-25 Werner Koch <wk@gnupg.org> + + wkd: New command --print-wkd-hash for gpg-wks-client. + + commit 64621f1f40c31c7f453da98efb860ff8cf11edbc + * tools/gpg-wks-client.c (aPrintWKDHash): New. 
+ (opts) : Add "--print-wkd-hash". + (main): Implement that command. + (proc_userid_from_stdin): New. + * tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY. + (wks_cmd_print_wkd_hash): New. + +2019-03-25 Andre Heinecke <aheinecke@gnupg.org> + + sm, w32: Translate logger and status fd to handles. + + commit b9d2759da19cb70c1f6243498480bea1d7ecaa46 + * sm/gpgsm.c (main): Call translate_sys2libc_fd_int to + convert the FDs. + +2019-03-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + doc: fix formatting error. + + commit 93782de23fe45e7f7f86140fda6de39395c3a9d8 + + +2019-03-19 Werner Koch <wk@gnupg.org> + + Release 2.2.14. + + commit 813de13e73b01409fabff9859f24c4f23b808796 + + +2019-03-18 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit dc00947b21dcd4417a35da711c884cef5cc9fc7d + + +2019-03-18 Werner Koch <wk@gnupg.org> + + gpg: Do not bail out on v5 keys in the local keyring. + + commit de70a2f377c1647417fb8a2b6476c3744a901296 + * g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION + instead of invalid packet. + * g10/keydb.c (parse_keyblock_image): Do not map the unknown version + error to invalid keyring. + (keydb_search): Skip unknown version errors simlar to legacy keys. + * g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown + versions. + * g10/import.c (read_block): Handle unknown version. + + gpg: Allow import of PGP desktop exported secret keys. + + commit 0e73214dd208fca4df26ac796416c6f25b3ae50d + * g10/import.c (NODE_TRANSFER_SECKEY): New. + (import): Add attic kludge. + (transfer_secret_keys): Add arg only_marked. + (resync_sec_with_pub_keyblock): Return removed seckeys via new arg + r_removedsecs. + (import_secret_one): New arg r_secattic. Change to take ownership of + arg keyblock. Implement extra secret key import logic. Factor some + code out to ... + (do_transfer): New. + (import_matching_seckeys): New. + + gpg: Avoid importing secret keys if the keyblock is not valid. 
+ + commit 43b23aa82be7e02414398af506986b812e2b9349 + * g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by + new field TAG. + * g10/kbnode.c (alloc_node): Change accordingly. + * g10/import.c (import_one): Add arg r_valid. + (sec_to_pub_keyblock): Set tags. + (resync_sec_with_pub_keyblock): New. + (import_secret_one): Change return code to gpg_error_t. Return an + error code if sec_to_pub_keyblock failed. Resync secret keyblock. + + gpg: During secret key import print "sec" instead of "pub". + + commit db2d75f1ffede2ea77163b487a15e60249daffa0 + * g10/keyedit.c (show_basic_key_info): New arg 'print_sec'. Remove + useless code for "sub" and "ssb". + * g10/import.c (import_one): Pass FROM_SK to show_basic_key_info. Do + not print the first keyinfo in FROM_SK mode. + printing. + + gpg: Simplify an interactive import status line. + + commit 184fbf014ae537554d6939a47f07977ef0b0fe9f + * g10/cpr.c (write_status_printf): Escape CR and LF. + * g10/import.c (print_import_check): Simplify by using + write_status_printf and hexfingerprint. + + + Fixed one conlict in a comment. + +2019-03-07 NIIBE Yutaka <gniibe@fsij.org> + + libdns: Avoid using compound literals (8). + + commit ee08a15e31284d32fb59774fc15e39107a727072 + * dirmngr/dns.h (dns_quietinit): Remove. + (dns_hints_i_new): Remove. + + libdns: Avoid using compound literals (7). + + commit 4ab0fef5dc856d1f2747efab584182aa880f631c + * dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove. + * dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized + automatic variable for opts. + * dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo): + Likewise. + + libdns: Avoid using compound literals (6). + + commit f3af1707690b070b4cbf6d761a9e5dbddbf681e9 + * dirmngr/dns.h (dns_rr_i_new): Remove. + (dns_rr_i_init): Remove unused second argument. + * dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet) + (parse_packet): Use automatic variable for struct dns_rr_i. 
+ (dns_d_cname): No need to call dns_rr_i_init after memset 0. + (dns_rr_i_init): Remove unused second argument. Return nothing. + * dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns) + (getsrv_libdns): Follow the change of dns_rr_i_init. + + (cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a) + + libdns: Avoid using compound literals (5). + + commit 500151e6daf5fc4d6ea382b83aab3cca72b27881 + * dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new. + Call dns_rr_grep with NULL. + * dirmngr/dns.c (dns_rr_grep): Support NULL for error_. + + libdns: Avoid using compound literals (4). + + commit 229302aecf8deea0349e79ca0cc05f32665391b7 + * dirmngr/dns.h (dns_d_new*): Remove. + * dirmngr/dns.c (parse_packet): Use dns_d_init with automatic + variable. + (parse_domain): Likewise. + + (cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8) + + libdns: Avoid using compound literals (3). + + commit f0de4fc990767ae5d120a523be51616b0f35f4f6 + * dirmngr/dns.h (dns_p_new): Remove. + * dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic + variable. + (dns_hints_query, dns_res_glue, parse_packet, query_hosts) + (send_query, show_hints, echo_port): Likewise. + + libdns: Avoid using compound literals (2). + + commit ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648 + * dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove. + (dns_strclass1, dns_strclass3): Remove. + (dns_strtype1, dns_strtype3): Remove. + (dns_strsection, dns_strclass, dns_strtype): Directly use the + function. + * dirmngr/dns.c (dns_strsection): Use automatic variable. + (dns_strclass, dns_strtype): Likewise. + + (cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3) + + libdns: Avoid using compound literals. + + commit 1318d1e2d50989c66f496ede906a846859f0cf9f + * dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic + variables. + (dns_poll, dns_send_nopipe): Likewise, adding const qualifier. 
+ +2019-03-07 Werner Koch <wk@gnupg.org> + + dirmngr: Add CSRF protection exception for protonmail. + + commit 557c721e787e7e6d311ccb48d8aa677123061cf5 + * dirmngr/http.c (same_host_p): Add exception table. + + gpgtar: Make option -C work for archive creation. + + commit 5d73c231e4f2d5994eb3be48b36517e39d66be96 + * tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory. + + gpgtar: Improve error messages. + + commit 2e4151a3412c3fc553fbb7ad070dfffc68a04b35 + * tools/gpgtar.h (struct tarinfo_s): New. + * tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move + global vars more to the top. + (set_cmd): Rename 'cmd' to 'c'. + * tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error + messages. + (read_header): Add arg 'info' and update counter. + (skip_data): Ditto. + (gpgtar_list): Pass info object to read functions. + (gpgtar_read_header): Add arg 'info'. + * tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on. + (extract_regular): Add arg 'info' and update counter. + + gpg: Make invalid primary key algos obvious in key listings. + + commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d + * g10/keylist.c (print_key_line): Print a warning for invalid algos. + + sm: Print Yubikey attestation extensions with --dump-cert. + + commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a + * sm/keylist.c (oidtranstbl): Add Yubikey OIDs. + (OID_FLAG_HEX): New. + (print_hex_extn): New. + (list_cert_raw): Make use of that flag. + + (cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e) + +2019-03-07 NIIBE Yutaka <gniibe@fsij.org> + + tests: Add "disable-scdaemon" in gpg-agent.conf. + + commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203 + * tests/openpgp/defs.scm: Add "disable-scdaemon". Remove + "scdaemon-program". + * tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise. 
+ * tests/inittests, tests/pkits/inittests: Add "disable-scdaemon" + +2019-03-07 Werner Koch <wk@gnupg.org> + + scd: Fix flushing of CA-FPR data objects. + + commit e7eafe10197557ce874db2f049d683f90f26e0bc + * scd/app-openpgp.c (do_setattr): Add new table item to flush a + different tag. + +2019-03-07 NIIBE Yutaka <gniibe@fsij.org> + + agent: Support --mode=ssh option for CLEAR_PASSPHRASE. + + commit 77a285a0a94994ee9b42289897f9bf3075c7192d + * agent/command.c (cmd_clear_passphrase): Add support for SSH. + +2019-03-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpgv: Improve documentation for keyring choices. + + commit a7b2a87f940dba078867c44f1f50d46211d51719 + * doc/gpgv.texi: Improve documentation for keyring choices + +2019-02-28 Werner Koch <wk@gnupg.org> + + sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs. + + commit be69bf0cbd11cb8c0d452e07066669aacc6caafa + * sm/keylist.c (print_compliance_flags): Also check the digest_algo. + Add new arg 'cert'. + +2019-02-28 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpgsm: default to 3072-bit keys. + + commit 121286d9d1506dbaad9ba33bae2e459814fe5849 + * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update + default to 3072 bits. + * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to + 3072 bits. + * sm/certreqgen.c (proc_parameters): update default to 3072 bits. + * sm/gpgsm.c (main): print correct default_pubkey_algo. + +2019-02-26 Werner Koch <wk@gnupg.org> + + conf: New option --show-socket. + + commit 92e26ade5c0d52f2e50eaf338a0bb8006e75711c + * tools/gpgconf-comp.c (gc_component_t): Move this enum to ... + * tools/gpgconf.h: here. + * tools/gpgconf.c (oShowSocket): New. + (opts): Add new option. + (main): Implement new option. + +2019-02-25 Werner Koch <wk@gnupg.org> + + scd: Don't let the "undefined" app cause a conflict error. + + commit 0eb8095626be71160dfa66284a7b0a6a57cb03e3 + * scd/app.c (check_conflict): Ignore "undefined". 
+ + (cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a) + + sm: Fix certificate creation with key on card. + + commit 54c56230e305a38d6fd0c3bf1262172fd5fbcb87 + * sm/certreqgen.c (create_request): Fix for certmode. + + agent: Fix for suggested Libgcrypt use. + + commit 0a95b153811f36739d1b20f23920bad0bb07c68b + * agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter. + +2019-02-25 NIIBE Yutaka <gniibe@fsij.org> + + gpgscm: Build well even if NDEBUG defined. + + commit 8161afb9dddaba839be92fbe9d85c05235eda825 + * gpgscm/scheme.c (gc_reservation_failure): Fix adding ";". + [!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno. + +2019-02-19 Neal H. Walfield <neal@g10code.com> + + gpg: Fix comparison. + + commit 14e5435afb50dc9a9243ff3e0aed5030beba2914 + * g10/gpgcompose.c (literal_name): Complain if passed zero arguments, + not one or fewer. + +2019-02-19 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix cancellation handling for scdaemon. + + commit 005e951714ff62087b8c8802e05d14b7998826f3 + * agent/call-scd.c (cancel_inquire): Remove. + (agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey) + (agent_card_scd): Don't call cancel_inquire. + + scd: Distinguish cancel by user and protocol error. + + commit 90e5f49b6a2e002d3c67a041a076f07aeb7a7f54 + * scd/apdu.h (SW_HOST_CANCELLED): New. + * scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED. + (pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED. + * scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for + SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED. + + common: Fix gnupg_wait_processes. + + commit 6e422b5135c71f8fa859a3f4de51bf89e3ff5ac6 + * common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes + even if we already see an error. + +2019-02-14 Ingvar Hagelund <ingvar@redpill-linpro.com> + + po: Correct a simple typo in the Norwegian translation. 
+ + commit a09bba976d2f5694011a9291189a70a0f3c4caae + + +2019-02-12 Werner Koch <wk@gnupg.org> + + Release 2.2.13. + + commit 7922e2dd1c7eee48a8a2cf4799827942489ddd0f + + +2019-02-11 Werner Koch <wk@gnupg.org> + + sm: In --gen-key with "key from card" show also the algorithm. + + commit d1bee9d1efa28fa9d35b7eed1e616c6362fd044e + * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo. + + common: Provide function to get public key algo names in our format. + + commit d29d73264f607642281fb701a17015306c8fc4d7 + * common/sexputil.c (pubkey_algo_string): New. + + common: New functions get_option_value and ascii_strupr. + + commit ee8d1a9e6c09b3ecc4b46f47b79358f78d458916 + * common/server-help.c (get_option_value): New. + * common/stringhelp.c (ascii_strupr): New. + + scd: Make app_genkey and supporting ISO function more flexible. + + commit 14816c798099925e47908e7ce415412d72fbe28e + * scd/app.c (app_genkey): Add arg keytype. + * scd/app-common.h (struct app_ctx_s): Fitto for the genkey member. + * scd/command.c (cmd_genkey): Adjust for change. + * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new + args p1 and p2. + (iso7816_read_public_key): Adjust for this. + (iso7816_generate_keypair): Add new args p1 and p2. + * scd/app-openpgp.c (do_genkey): Adjust for changes. + + scd: Fix parameter name of app_change_key. + + commit c075274aac0ffd388df638548b75a7d90e7e929d + * scd/app-common.h (APP_GENKEY_FLAG_FORCE): New. + * scd/app.c (app_change_pin): Rename arg reset_mode to flags and + change from int to unsigned int. + + scd: Allow standard keyref scheme for app-openpgp. + + commit 6651a0640d0f1b4dd161210dc55974d9b93b7253 + * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with + "OPENPGP." + + gpg: Emit an ERROR status if no key was found with --list-keys. + + commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b + * g10/keylist.c (list_one): Emit status line. + +2019-02-06 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. 
+ + commit c16685b2f5021105ef0560cb3db68ef43bcdb9c1 + + + agent: Clear bogus pinentry cache, when it causes an error. + + commit 9109bb9919f84d5472b7e62e84b961414a79d3c2 + * agent/agent.h (PINENTRY_STATUS_*): Expose to public. + (struct pin_entry_info_s): Add status. + * agent/call-pinentry.c (agent_askpin): Clearing the ->status + before the loop, let the assuan_transact set ->status. When + failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns + soon. + * agent/findkey.c (unprotect): Clear the pinentry cache, + when it causes an error. + + dirmngr: Fix initialization of assuan's nPth hook. + + commit 7f4c3eb0a039621c564b6095ab5f810524843157 + * dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to... + (thread_init): ... here. + +2019-01-30 Werner Koch <wk@gnupg.org> + + gpg: Allow generating Ed25519 key from an existing key. + + commit 31d2a1eecaee766919b18bc42b918d9168f601f8 + * g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping. + +2019-01-29 Werner Koch <wk@gnupg.org> + + gpg: Implement searching keys via keygrip. + + commit 5e5f3ca0c2e08185a236b4d04b318f81004e3223 + * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip. + * kbx/keybox-openpgp.c (struct keyparm_s): New. + (keygrip_from_keyparm): New. + (parse_key): Compute keygrip. + * kbx/keybox-search.c (blob_openpgp_has_grip): New. + (has_keygrip): Call it. + + common: Provide some convenient OpenPGP related constants. + + commit b78f293cf06f447d1d0a5c416ac129a4e1cf9f8c + * common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New. + (OPENPGP_MAX_NSKEY): New. + (OPENPGP_MAX_NSIG): New. + (OPENPGP_MAX_NENC): New. + * g10/packet.h: Define PUBKEY_MAX using the new consts. + + (cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e) + + common: New helper functions for OpenPGP curve OIDs. + + commit dddbb26155f292fde2909ecc84b62b693b6dea49 + * common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out + to ... + (openpgp_oidbuf_to_str): new. 
+ (openpgp_oidbuf_is_ed25519): New. + (openpgp_oidbuf_is_cv25519): New. + +2019-01-22 Werner Koch <wk@gnupg.org> + + scd: Add option --clear to PASSWD. + + commit d4082ff430afe670510d2c1c7ea66ee9ddcbe505 + * scd/command.c (cmd_passwd): Add option --clear. + (send_status_printf): New. + * scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New. + * scd/app-nks.c (do_change_pin): Return an error if that option is + used. + * scd/app-openpgp.c (do_change_pin): Ditto. + + scd: One new and one improved 7816 function. + + commit 9309175de8c76de44021c25c7885355ff1a9b67b + * scd/apdu.c (apdu_send_direct): New arg R_SW. + * scd/command.c (cmd_apdu): Ditto. + * scd/iso7816.c (iso7816_apdu_direct): New arg R_SW. + (iso7816_general_authenticate): New. + * scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new + arg. + + ssh: Simplify the curve name lookup. + + commit 11a65159f997ccd69ecb9d867c1f3d0c4d8837d6 + * agent/command-ssh.c (struct ssh_key_type_spec): Add field + alt_curve_name. + (ssh_key_types): Add some alternate curve names. + (ssh_identifier_from_curve_name): Lookup also bey alternative names + and return the canonical name. + (ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve + instead of the explicit mapping. + (ssh_receive_key): Likewise. Use ssh_identifier_from_curve_name to + validate the curve name. Remove the reverse mapping because since + GnuPG-2.2 Libgcrypt 1.7 is required. + (ssh_handler_request_identities): Log an error message. + + gpg: Stop early when trying to create a primary Elgamal key. + + commit f5d3b982e44c5cfc60e9936020102a598b635187 + * g10/misc.c (openpgp_pk_test_algo2): Add extra check. + +2019-01-17 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix for USB INTERRUPT transfer. + + commit 9dc76d599cd4c86d3c187d078daad1144a92564c + * scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE, + just handle this event as failure. + +2018-12-19 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix message for ACK button. 
+ + commit 80a08b655f8f5e7a7d78b766f1770fd474081a48 + * agent/divert-scd.c (getpin_cb): Display correct message. + +2018-12-18 Werner Koch <wk@gnupg.org> + + Silence compiler warnings new with gcc 8. + + commit 21fc089148678f59edb02e0e16bed65b709fb972 + * dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc. + * tests/gpgscm/scheme.c: Include gpgrt.h. + (Eval_Cycle): Ignore -Wimplicit-fallthrough. + + wks: Do not use compression for the encrypted data. + + commit 16424d8a34c7f6af1071fd19dfc180cb7d17c052 + * tools/gpg-wks-client.c (encrypt_response): Add arg -z0. + * tools/gpg-wks-server.c (encrypt_stream): Ditto. + +2018-12-18 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit ae9159e0685098ee97d6f526666524423f4a0fff + + + scd: Support "acknowledge button" feature. + + commit ffe31f405f9b5e4929e95c3d66c613052cb7727e + * scd/apdu.c (set_prompt_cb): New member function. + (set_prompt_cb_ccid_reader): New function. + (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader. + (apdu_set_prompt_cb): New. + * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb. + * ccid-driver.c (ccid_set_prompt_cb): New. + (bulk_in): Call ->prompt_cb when timer extension. + * scd/command.c (popup_prompt): New. + + agent: Support --ack option for POPUPPINPADPROMPT. + + commit e6be36ee8854dc343a5e0f914991da3da360b513 + * agent/divert-scd.c (getpin_cb): Support --ack option. + +2018-12-14 Werner Koch <wk@gnupg.org> + + Release 2.2.12. + + commit 7d8f4ee7cf56eda988acdc909160cbac71bff18a + + +2018-12-11 Werner Koch <wk@gnupg.org> + + agent: Make the S2K calibration time runtime configurable. + + commit de29a50e7c8a779ac0832a149bcf3eb2c4191dc9 + * agent/protect.c (s2k_calibration_time): New file global var. + (calibrate_s2k_count): Use it here. + (get_calibrated_s2k_count): Replace function static var by ... + (s2k_calibrated_count): new file global var. + (set_s2k_calibration_time): New function. 
+ * agent/gpg-agent.c (oS2KCalibration): New const. + (opts): New option --s2k-calibration. + (parse_rereadable_options): Parse that option. + +2018-12-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + agent: compile-time configuration of s2k calibration. + + commit 0cf0f3aaf835d29848f1485df357606254ba6fad + * configure.ac: add --with-agent-s2k-calibration=MSEC, introduces + AGENT_S2K_CALIBRATION (measured in milliseconds) + * agent/protect.c (calibrate_s2k_count): Calibrate based on + AGENT_S2K_CALIBRATION. + + (cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549) + +2018-12-11 Werner Koch <wk@gnupg.org> + + dirmngr: Retry another server from the pool on 502, 503, 504. + + commit e5abdb6da7fa7cd4d146c7285b160277511bc230 + * dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg + http_status and handle it. + (ks_hkp_search): Get http_status froms end_request and pass on to + handle_send_request_error. + (ks_hkp_get): Ditto. + (ks_hkp_put): Ditto. + + dirmngr: New function http_status2string. + + commit b9d71ea64a694582739c18cfef9621b36d5371e9 + * dirmngr/http.c (http_status2string): New. + + gpg: In search-keys return "Not found" instead of "No Data". + + commit f7ff25edadd474f83fccba6fd3c410eb8358bb22 + * g10/keyserver.c (keyserver_search): Check for NO_DATA. + +2018-12-11 Tomi Leppänen <tomi.leppanen@jolla.com> + + tools: Use POSIX compatible arguments for find. + + commit dfcc5e6d3ec91f547feb78e442946e729b49878c + * tools/addgnupghome (filelist): Remove bashism. + +2018-12-06 NIIBE Yutaka <gniibe@fsij.org> + + scd: Make "learn" report about KDF data object. + + commit d4bc8051525a33b28b1e33daf35d79c1d6cd9c41 + * scd/app-openpgp.c (do_learn_status): Report KDF attr. + * g10/card-util.c (current_card_status): Output KDF for with_colons. + + card: Display if KDF is enabled or not. + + commit 751ff784e5316470f266750d299ae857ad7840d8 + * g10/call-agent.h (kdf_do_enabled): New field. 
+ * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available. + * g10/card-util.c (current_card_status): Inform the availability. + + g10: Fix memory leak for --card-status. + + commit 293001e2c6f0e228ff7f1b6a3e2606ae1370a5d5 + * g10/card-util.c (card_status): Release memory of serial number. + +2018-12-05 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix print_pubkey_info new line output. + + commit c5aba093b86e7d69b34ddcf55130f8f21e889b5c + * g10/keylist.c (print_pubkey_info): Reverse the condition. + +2018-12-05 Werner Koch <wk@gnupg.org> + + gpg: New list-option "show-only-fpr-mbox". + + commit 9b538451682c704b4036c0ecdb7e6b0ef8570016 + * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox". + * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New. + * g10/keylist.c (list_keyblock_simple): New. + (list_keyblock): Call it. + (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX + mode. + + wks: Fix filter expression syntax flaw. + + commit 80bf1f8901dcbbb2cb6cacc11cca98705ce8f59d + * tools/wks-util.c (wks_get_key, wks_filter_uid): The filter + expression needs a space before the value. + (install_key_from_spec_file): Replace es_getline by es_read_line and + remove debug output. + + wks: Allow reading of --install-key arguments from stdin. + + commit b6fd60dfa1709f162c25eb72cf8c45d0ab9bf34f + * tools/wks-util.c (install_key_from_spec_file): New. + (wks_cmd_install_key): Call it. + * tools/gpg-wks-client.c (main): Allow --install-key w/o arguments. + * tools/gpg-wks-server.c (main): Ditto. + + (cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564) + + wks: Create sub-directories. + + commit bf29d7c822264a40f1469c7b5024d93b955a3a1e + * tools/wks-util.c (wks_compute_hu_fname): Stat and create directory + if needed. + + (cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0) + + wks: Add new commands --install-key and --remove-key to the client. 
+ + commit 5b4aa8c6d4abfa3135ec3ab23decf9bdd624df3e + * tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New. + (opts): Add "--install-key", "--remove-key" and "-C". + (parse_arguments): Parse them. + (main): Check that the given directory exists. Implement the new + commands. + + wks: Move a few server functions to wks-util. + + commit 51b722c6f57b80a3b9caa417b7a74e7fab80043f + * tools/gpg-wks-server.c (write_to_file): Move to ... + * tools/wks-util.c: here. + * tools/gpg-wks-server.c (compute_hu_fname): Move to ... + * tools/wks-util.c (wks_compute_hu_fname): here. + * tools/gpg-wks-server.c (fname_from_userid): Move to ... + * tools/wks-util.c (wks_fname_from_userid): here. + * tools/gpg-wks-server.c (command_install_key): Move to ... + * tools/wks-util.c (wks_cmd_install_key): here and change caller. + * tools/gpg-wks-server.c (command_remove_key): Move to ... + * tools/wks-util.c (wks_cmd_remove_key): here and change callers. + + (cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89) + +2018-12-05 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + g10/mainproc: disable hash contexts when --skip-verify is used. + + commit 6008410e512cb74a4a2ad3f6e3fce4669e4f7e2c + * g10/mainproc.c (proc_plaintext): Do not enable hash contexts when + opt.skip_verify is set. + + common/iobuf: fix memory wiping in iobuf_copy. + + commit ebd434a45eefd34bd9d9f875f22a74a47b88dd5f + * common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of + first sizeof(char*) bytes. + + common: Use platform memory zeroing function for wipememory. + + commit 21fdef6963539680a16b68b7536378bdaa8dea85 + * common/mischelp.h (wipememory): Replace macro with function + prototype. + (wipememory2): Remove. + * common/mischelp.c (wipememory): New. + * configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and + remove duplicated checks. + +2018-12-05 Werner Koch <wk@gnupg.org> + + gpg: Improve error message about failed keygrip computation. 
+ + commit edeebe0a6b9a49d2291d6351d52c5bc688d24cff + * g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure. + + (cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc) + +2018-11-23 Werner Koch <wk@gnupg.org> + + dirmngr: Avoid possible CSRF attacks via http redirects. + + commit 4a4bb874f63741026bd26264c43bb32b1099f060 + * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. + (http_redir_info_t): New. + * dirmngr/http.c (do_parse_uri): Set new fields. + (same_host_p): New. + (http_prepare_redirect): New. + * dirmngr/t-http-basic.c: New test. + * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect + instead of the open code. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + +2018-11-12 Andre Heinecke <aheinecke@intevation.de> + + dirmngr: Add FLUSHCRLs command. + + commit 00321a025f90990a71b60b4689ede1f38fbde347 + Summary: + * dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache. + * dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New. + (register_commands): Add FLUSHCRLS. + +2018-11-06 Werner Koch <wk@gnupg.org> + + Release 2.1.11. + + commit cb46b787571ef149856be03b8c3481bb79871698 + + +2018-11-06 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix print_keygrip for smartcard. + + commit 627839ea88da11a9e8d033e3c91bdf5a048b15c3 + * g10/card-util.c (print_keygrip): Use tty_fprintf. + +2018-11-05 Werner Koch <wk@gnupg.org> + + wks: New option --with-colons for gpg-wks-client. + + commit 66e0bd37ee3dd5ab534b2664493576ef6ad15a08 + * tools/gpg-wks.h (opt): Add field with_colons. + * tools/gpg-wks-client.c (oWithColons): New const. + (opts, parse_arguments): Add option --with-colons. + (main): Change aSupported to take several domains in --with-colons + mode. + (command_send): Factor policy getting code out to ... + (get_policy_and_sa): New function. + (command_supported): Make use of new function. + + speedo: Remove obsolete configure option of gpgme. 
+ + commit 593895a5e495c4647efa7db164356f3cae3d5759 + * build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove + --disable-w32-qt option. + + dirmngr: In verbose mode print the OCSP responder id. + + commit 50756927ce6247abc2fadefbc76c58b75c8a7586 + * dirmngr/ocsp.c (ocsp_isvalid): Print the responder id. + + (cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209) + + tools: Replace duplicated code in mime-maker. + + commit d5f540e7a9b3a723ba787e3a587fcd1b0948f105 + * tools/rfc822parse.c (HEADER_NAME_CHARS): New. Taken from + mime-maker.c. + (rfc822_valid_header_name_p): New. Based on code from mime-maker.c. + (rfc822_capitalize_header_name): New. Copied from mime-maker.c. + (capitalize_header_name): Remove. Replace calls by new func. + (my_toupper, my_strcasecmp): New. + * tools/mime-maker.c: Include rfc822parse.h. + (HEADER_NAME_CHARS, capitalize_header_name): Remove. + (add_header): Replace check and capitalization by new functions. + + gpg: Don't take the a TOFU trust model from the trustdb, + + commit 82cd7556fdce989aaacf91e0d369a62e4652f224 + * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model. + (create_version_record): Don't init as TOFU. + (tdbio_db_matches_options): Don't indicate a change in case TOFU is + stored in an old trustdb file. + + dirmngr: Emit SOURCE status also on NO_DATA. + + commit ab7a907a184f37ddafaa0dc7200c76b735ba4853 + * dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on + NO DATA error. + (ks_hkp_get): Ditto. + * g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info + also on error. + (gpg_dirmngr_ks_get): Ditto. + + dirmngr: Fix LDAP port parsing. + + commit 5ab58d3001b0342aecaf691b1af70b1f76426f55 + * dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a + segv for a missing slash after the host name. + +2018-10-26 Werner Koch <wk@gnupg.org> + + build: By default build wks-tools on all Unix platforms. 
+ + commit 8a33d5c9c699d2145d39b362d580df67571c5f36 + (cherry picked from commit b83fed64f8051279a8f36e024c1f12f7f13c4716) + + wkd: Add option --directory to the server. + + commit 839426104a0c829f0182b22048fdc51cf295beb7 + * tools/gpg-wks-server.c (opts): Add '--directory', + (main): Explain how to set correct permissions. + (command_list_domains): Create an empty policy file and remove the + warning for an empty policy file. + +2018-10-25 Werner Koch <wk@gnupg.org> + + dirmngr: Fix out of scope use of a var in the keyserver LDAP code. + + commit 26ebb15bec897a105b248680c1ddf1806592b1eb + * dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale + out of scope and cleanup the entire pgpKeySize block. + +2018-10-24 Werner Koch <wk@gnupg.org> + + agent: Fix possible uninitalized use of CTX in simple_pwquery. + + commit e53253485cd7ceb7012505a629d2cd997167ccab + * common/simple-pwquery.c (agent_open): Clear CTX even on early error. + + agent: Fix possible release of unitialize var in a genkey error case. + + commit 62c75271173f83c5770576aae7b84f55a9ccbc16 + * agent/command.c (cmd_genkey): Initialize 'value'. + + ssh: Fix possible infinite loop in case of an read error. + + commit 147e59b7815daafb32b570a96f1d1925d0f37008 + * agent/command-ssh.c (ssh_handler_add_identity): Handle other errors + than EOF. + + tools: Fix FILE memory leak in gpg-connect-agent. + + commit f1561e5196e54f11b18050eeaeda50e786d188c2 + * tools/gpg-connect-agent.c (do_open): dup the fileno and close the + stream. + + (cherry picked from commit 378719f25fe00d46393541f4a4f79e04484c3000) + + sm: Use the correct string in an error message. + + commit 1b9b0fc54b9bcd5eb1e63816bd3222d7ac7572a7 + * sm/gpgsm.c (main): Fix error message. + +2018-10-24 Andre Heinecke <aheinecke@intevation.de> + + dirmngr: Only print info for no ldapserver file. + + commit 01baee2b0ef4f81ac6ffa55480e91168dd27b430 + * dirmngr/dirmngr.c (parse_ldapserver_file): Only print info + for ENOENT. 
+ +2018-10-23 Andre Heinecke <aheinecke@intevation.de> + + sm: Fix dirmngr loadcrl for intermediate certs. + + commit 6b36c16f77722d17f4f317c788701cbc1e9552b2 + * sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED. + (inq_certificate): Distinguish unsupported inquiry error. + +2018-10-22 Werner Koch <wk@gnupg.org> + + dirmngr: Prepare for updated WKD specs with ?l= param. + + commit a2bd4a64e5b057f291a60a9499f881dd47745e2f + * dirmngr/server.c (proc_wkd_get): Tack the raw local address to the + request. + + gpg: Fix extra check for sign usage of a data signature. + + commit b0d6e26bf3c8decaa568c9e4a5b2451d9af0b25b + * g10/sig-check.c (check_signature_end_simple): + +2018-10-15 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix signing authentication status. + + commit 7e2b0488d13561be2b754e28801de654747a8dcc + * scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing. + +2018-10-02 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix gnupg_reopen_std. + + commit 8f844ae1cd16e27ad07d45784b1f0ff2917da2b8 + * common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat. + +2018-09-10 NIIBE Yutaka <gniibe@fsij.org> + + common: Use iobuf_get_noeof to avoid undefined behaviors. + + commit 0383e7fed7b2a45c7f0ae4c11415c6a9a3a3ddb7 + * common/iobuf.c (block_filter): Use iobuf_get_noeof. + + agent: Fix error code check from npth_mutex_init. + + commit 213379debe5591dad6339aa95aa7282e0de620f9 + * agent/call-pinentry.c (initialize_module_call_pinentry): It's an + error when npth_mutex_init returns non-zero. + +2018-09-07 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix memory leak. + + commit 91f8a9b33a1282cbf00cb4b71b177088f0d923d7 + * g10/import.c (read_block): Call free_packet to skip the packet. + +2018-09-06 NIIBE Yutaka <gniibe@fsij.org> + + Fix use of strncpy, which is actually good to use memcpy. + + commit f0fdee2e24a25f57a84e1684984ce3921d923e0a + * common/ssh-utils.c (get_fingerprint): Use memcpy. + * g10/build-packet.c (string_to_notation): Use memcpy. 
+ +2018-08-30 Werner Koch <wk@gnupg.org> + + Release 2.2.10. + + commit 24697074f44c18eeeedbc1e09d35f56504c57a1f + + +2018-08-30 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 2f5ba3a6c19b7a514488be01b7683287d74545d3 + + +2018-08-29 Werner Koch <wk@gnupg.org> + + gpg: Explain error message in key generation with --batch. + + commit a9931b3c052ee9025705a8ef1f0cdd5f20aeda70 + * g10/keygen.c (generate_keypair): Show more info. + + gpg: Remove unused function get_pubkeys. + + commit 719fc941b6eceb75c2326335d9d73011823ff3f9 + * g10/getkey.c (get_pubkeys): Remove. + (pubkey_free): Remove and use code directly ... + (pubkeys_free): ... here. + + (cherry picked from commit ed8fe21e6612401846fc4af8631f0136dc633c67) + + gpg: New option --known-notation. + + commit a59a9962f48f828ea7d22362dfa6d82841551110 + * g10/gpg.c (oKnownNotation): New const. + (opts): Add option --known-notation. + (main): Set option. + * g10/parse-packet.c (known_notations_list): New local var. + (register_known_notation): New. + (can_handle_critical_notation): Rewrite to handle the new feature. + Also print the name of unknown notations in verbose mode. + +2018-08-28 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit b02ad56a9041273df58ded4cc70cf5ffa9e58c16 + + +2018-08-28 Werner Koch <wk@gnupg.org> + + assuan: Fix exponential decay for first second. + + commit 38eb7c360bc4867cbaf37e3c2c0865bc6452ba4a + * common/asshelp.c (wait_for_sock): Round SECSLEFT. + * dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon + mode. + * common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use. + +2018-08-28 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + assuan: Use exponential decay for first 1s of spinlock. + + commit 1189df2cd7d4b6896ba22aa204c159ff2a425ead + * common/asshelp.c (wait_for_sock): instead of checking the socket + every second, we check 10 times in the first second (with exponential + decay). 
+ + assuan: Reorganize waiting for socket. + + commit a22a55b994e06dd06157fbdabf5a402d8daf69c2 + * common/asshelp.c (wait_for_sock): New function, collecting + codepaths from... + (start_new_gpg_agent) here and... + (start_new_dirmngr) here. + +2018-08-28 Werner Koch <wk@gnupg.org> + + gpg: Refresh expired keys originating from the WKD. + + commit 0709f358cd13abc82e0f97f055fcaa712f0fd44f + * g10/getkey.c (getkey_ctx_s): New field found_via_akl. + (get_pubkey_byname): Set it. + (only_expired_enc_subkeys): New. + (get_best_pubkey_byname): Add support to refresh expired keys from the + WKD. + + gpg: Remove unused arg from a function. + + commit 11a9fe1c5820b97d7e0f4b3e91f016df9dc466a9 + * g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'. + Change both callers. + + (cherry picked from commit db67ccb759426c1173761574b14bdfe6a76394c2) + +2018-08-10 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix undefined behavior when EOF in parsing packet for S2K. + + commit 822c633845066756b6442ca67b93b4b5c4316ca0 + * g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof. + (parse_key): Likewise. + +2018-07-29 Werner Koch <wk@gnupg.org> + + gpg: Set a limit for a WKD import of 256 KiB. + + commit f1c0d9bb6506eee6a3ad93ef432fe6aa5b72aabd + * g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New. + (gpg_dirmngr_wkd_get): Use it. + + dirmngr: Validate SRV records in WKD queries. + + commit 8a98aa25bb4bdbfe53afd4534f6624454ca01ab0 + * dirmngr/server.c (proc_wkd_get): Check the returned SRV record names + to mitigate rogue DNS servers. + + common: New function to validate domain names. + + commit 4f59187a17f16d559e37a375501a0add1ca7eee8 + * common/mbox-util.c (is_valid_domain_name): New. + * common/t-mbox-util.c (run_dns_test): New test. + + (cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72) + +2018-07-29 Jiří Keresteš <jiri.kerestes@trustica.cz> + + scd: Add support for Trustica Cryptoucan. 
+ + commit d43248af9242d30e95f58285e4f2a2e927aae937 + (cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb) + +2018-07-12 Werner Koch <wk@gnupg.org> + + Release 2.2.9. + + commit 2b82db61ccfe57d077dff43e0d732b51c73e1a45 + + +2018-07-09 Werner Koch <wk@gnupg.org> + + gpg: Remove multiple subkey bindings during export-clean. + + commit 61562fe00027a4263f53661ad279072bd0b0133e + * g10/key-clean.c (clean_one_subkey_dupsigs): New. + (clean_all_subkeys): Call it. + + gpg: Let export-clean remove expired subkeys. + + commit 8055f186a32e628028de897b7ee4705cd8e999b7 + * g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID) + (KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New. + * g10/key-clean.c (clean_one_subkey): New. + (clean_all_subkeys): Add arg CLEAN_LEVEL. + * g10/import.c (import_one): Call clean_all_subkeys with + KEY_CLEAN_NONE. + * g10/export.c (do_export_stream): Call clean_all_subkeys depedning on + the export clean options. + + gpg: Split key cleaning function for clarity. + + commit 046276db3a04f1907ddcf77c3771832613918226 + * g10/key-clean.c (clean_key): Rename to clean_all_uids and split + subkey cleaning into ... + (clean_all_subkeys): new. Call that always after the former clean_key + invocations. + + gpg: Move key cleaning functions to a separate file. + + commit 40bf383f72b5629de739e30c9c35bbcb628273e8 + * g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid) + (clean_uid_from_key, clean_one_uid, clean_key): Move to ... + * g10/key-clean.c: new file. + * g10/key-clean.h: New. + * g10/Makefile.am (gpg_sources): Add new files. + * g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include + new header. + * g10/trustdb.h (struct key_item, is_in_klist): Move to ... + * g10/keydb.h: here. + +2018-07-06 Werner Koch <wk@gnupg.org> + + gpg: Allow decryption using several passphrases in may cases. + + commit b4599a0449ead7dc5c0d922aa78b6168e625e15e + * g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm. 
+ (proc_symkey_enc): Clear passpharse on error from above function. + +2018-07-05 Werner Koch <wk@gnupg.org> + + po: Add flag options for xgettext. + + commit 833738a316977ee774399bd658d535216dff22e9 + * po/Makevars (XGETTEXT_OPTIONS): Add --flag options. + + gpg: Prepare for signatures with ISSUER_FPR but without ISSUER. + + commit 221af19351addcdc28a1cd533c8628cfa3841671 + * g10/getkey.c (get_pubkey_for_sig): New. + (get_pubkeyblock_for_sig): New. + * g10/mainproc.c (issuer_fpr_raw): Give global scope. + (check_sig_and_print): Use get_pubkeyblock_for_sig. + * g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig. + * g10/sig-check.c (check_signature2): Ditto. + (check_signature_over_key_or_uid): Ditto. + +2018-07-04 Andre Heinecke <aheinecke@intevation.de> + + po: Fix bug in german translation. + + commit 063cf45c142f33815bc0f31d0fb3e1b25ca57b8c + * po/de.po (decryption forced to fail!): Fix translation. + +2018-07-04 Werner Koch <wk@gnupg.org> + + gpg: Ignore too large user ids during import. + + commit cb6b925f94b42c91fe8a7ed8bb22d98984538efc + * g10/import.c (read_block): Add special treatment for bad user ids + and comment packets. + + gpg: Extra check for sign usage when verifying a data signature. + + commit ef50fdf82a459894ed3da7b9be83f89658f1eaba + * g10/sig-check.c (check_signature_end_simple): Check sign usage. + +2018-07-03 Werner Koch <wk@gnupg.org> + + gpg: Print revocation reason for "rev" records. + + commit 04fb76684d8b2c9cda2e5c35bad6edec521cffa5 + * g10/main.h: Add prototype. + * g10/keylist.c (list_keyblock_print): Print revocation info. + (list_keyblock_colon): Ditto. + + * g10/test-stubs.c (get_revocation_reason): New stub. + * g10/gpgv.c (get_revocation_reason): New stub. + + gpg: Print revocation reason for "rvs" records. + + commit a8e24addcc4e0fdff7d07acdd7e13bf6febf97d2 + * g10/import.c (get_revocation_reason): New. + (list_standalone_revocation): Extend function. + + gpg: Let --show-keys print revocation certificates. 
+ + commit 5c67ee160d4969b1ef94642ac602e1aed4d9a6d7 + * g10/import.c (list_standalone_revocation): New. + (import_revoke_cert): Call new function. + +2018-07-03 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix memory leak for PKT_signature. + + commit 2809be1f97a447171a9e8b40079851740b15341a + * g10/getkey.c (buf_to_sig): Free by free_seckey_enc. + * g10/gpgcompose.c (signature): Likewise. + * g10/sign.c (write_signature_packets): Likewise. + +2018-07-02 NIIBE Yutaka <gniibe@fsij.org> + + libdns: For SOCKS connection, just fails. + + commit cca92ca5348999a3564dd54d7b0a103cc9e7640c + * dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't + iterate to other server, but return the error immediately. + +2018-06-20 NIIBE Yutaka <gniibe@fsij.org> + + libdns: Let kernel to decide the local port. + + commit 72a35ffee022f1bf180d02250c5be6a4edb599e7 + * dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New. + (dns_socket): Don't select ephemeral port in user space. + +2018-06-18 NIIBE Yutaka <gniibe@fsij.org> + + libdns: Fix for non-FQDN hostname. + + commit 87d0ecf8a1b80139a6cab2a79f1ca6e287207999 + * dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN + hostname. + + libdns: Fix connect and try next nameserver when ECONNREFUSED. + + commit 699fe4b36f62b0f4d4e21a85ee7c9ae13377d6cb + * dirmngr/dns.c (dns_so_check): When EINVAL, release the association + by connect with AF_UNSPEC and try again. Also try again for + ECONNREFUSED. + (dns_res_exec): Try next nameserver when ECONNREFUSED. + + libdns: Clear struct sockaddr_storage by zero. + + commit 0c05b08e8b5c1f120fe5f3ed5c061f034f7496a0 + * dirmngr/dns.c (dns_resconf_pton): Clear SS. + (dns_resconf_setiface): Clear ->IFACE. + (dns_hints_root, send_query): Clear SS. + + libdns: Sync to upstream. + + commit 20c289606f89803929948ddd18910acff2acc9eb + * dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark. + + dirmngr: Fix recursive resolver mode. 
+ + commit 13320db678675246f4bb5a3fb6ece143f37c34a4 + * dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse. + +2018-06-12 Werner Koch <wk@gnupg.org> + + gpg: Do not import revocations with --show-keys. + + commit e8f439e0547463c24f3c10008fee73e6c4259f52 + * g10/import.c (import_revoke_cert): Add arg 'options'. Take care of + IMPORT_DRY_RUN. + +2018-06-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: Add new usage option for drop-subkey filters. + + commit 86b64876bef0d8c4be8e309fcf3e2ce21e65a947 + * g10/import.c (impex_filter_getval): Add new "usage" property for + drop-subkey filter. + +2018-06-11 Werner Koch <wk@gnupg.org> + + gpg: Set some list options with --show-keys. + + commit cbb84b3361263504dcb958208bc20177cb97cebd + * g10/gpg.c (main): Set some list options. + +2018-06-08 Werner Koch <wk@gnupg.org> + + gpg: Allow building with older libgpg-error. + + commit 18274db32b5dea7fe8db67043a787578c975de4d + * g10/mainproc.c (proc_encrypted): Use constant from logging.h + + Release 2.2.8. + + commit cd9aaa7862955846f8adf819cd89d0db33e9c08c + + +2018-06-08 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 77ab99f80a5b0fbc60e05230185a54cd200d5e65 + + +2018-06-08 Werner Koch <wk@gnupg.org> + + gpg: Sanitize diagnostic with the original file name. + + commit 210e402acd3e284b32db1901e43bf1470e659e49 + * g10/mainproc.c (proc_plaintext): Sanitize verbose output. + +2018-06-07 Werner Koch <wk@gnupg.org> + + gpg: Improve import's repair-key duplicate signature detection. + + commit 6a87a0bd2501d82f4a6263608e4856e841305caf + * g10/key-check.c (key_check_all_keysigs): Factor some code out to ... + (remove_duplicate_sigs): new. + (key_check_all_keysigs): Call remove_duplicate_sigs again after + reordering. + + gpg: Fix import's repair-key duplicate signature detection. + + commit cedd754fcb03f6dad6e462efc3d347bcef4ec83a + * g10/packet.h (PKG_siganture): Add field 'help_counter'. 
+ * g10/key-check.c (sig_comparison): Take care of HELP_COUNTER. + (key_check_all_keysigs): De-duplicate on a per-block base. + + gpg: Improve verbose output during import. + + commit 36cc730fa516b3a197f3bb1eb6f3881dd128fbb7 + * g10/import.c (chk_self_sigs): Print the subkeyid in addition to the + keyid. + (delete_inv_parts): Ditto. + + (cherry picked from commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20) + +2018-06-06 Werner Koch <wk@gnupg.org> + + agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list. + + commit c5c8fb1ec7c8690495de6189ec2c3a322db4e881 + * agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list + with the standard list. + + gpg: Also detect a plaintext packet before an encrypted packet. + + commit 054a187f24b19313cec59414fa924640e1b8c79c + * g10/mainproc.c (proc_encrypted): Print warning and later force an + error. + + gpg: New command --show-keys. + + commit dc87a3341f28ddac1113e90a3861d062be2610e2 + * g10/gpg.c (aShowKeys): New const. + (opts): New command --show-keys. + (main): Implement command. + * g10/import.c (import_keys_internal): Don't print stats in show-only + mode. + (import_one): Be silent in show-only mode. + +2018-05-31 Werner Koch <wk@gnupg.org> + + gpg: Print a hint on how to decrypt a non-mdc message anyway. + + commit 825909e9cd5f344ece6c0b0ea3a9475df1d643de + * g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o + MDC. Also print a dedicated status error code + + (cherry picked from commit 874e391665405fc413a69f2ffacdb94bb08da7ff) + + gpg: Detect multiple literal plaintext packets more reliable. + + commit 2f2b1d1da949e8fce28d3c4a934b4097d6f24295 + * g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN. + + gpg: Remove MDC options. + + commit 866667765f38bf65b612191209d0f0a87fb16393 + * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc + and --no-disable-mdc into NOPs. + * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used. 
+ * g10/cipher.c (write_header): Include extra hint and make + translatable. + * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc. + + gpg: Hard fail on a missing MDC even for legacy algorithms. + + commit 3db1b48a2da42942cb5a57281441167901bdcdc8 + * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD + * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to + allow testing with the current files. + + gpg: Turn --no-mdc-warn into a NOP. + + commit 26c0d3a3fc903c1a0de644ebcc99d3e665a80941 + * g10/gpg.c (oNoMDCWarn): Remove. + (opts): Make --no-mdc-warn a NOP. + (main): Don't set var. + * g10/options.h (struct opt): Remove 'no_mdc_var'. + * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false. + * g10/mainproc.c (proc_encrypted): Ditto. + +2018-05-07 Ineiev <ineiev@gnu.org> + + doc: Update description of displayed trust values. + + commit ed12a1dabaf928e8620fc26ca426c935e1a8a880 + * doc/trust-values.texi: New file. + * doc/Makefile.am (EXTRA_DIST): Add trust-values.texi. + * doc/gnupg.texi (Trust Values): New chapter. + * doc/gpg.texi (OpenPGP Key Management): Update the description + of how trust values are displayed, replace table with a reference + to Trust Values. + * doc/gpg.texi (GPG Examples): Add @mansect trust values. + +2018-05-02 Werner Koch <wk@gnupg.org> + + Release 2.2.7. + + commit d31d149196832ed6b8849017d8bcd0852c6ca96c + + + gpg: Fix minor memory leak in the compress filter. + + commit d26363e4f1933781c86cbe87077fbf1b9a2b64d8 + * g10/compress.c (push_compress_filter2): Return an error if no filter + was pushed. + (push_compress_filter): Ditto. + (handle_compressed): Free CFX if no filter was pushed. + * g10/import.c (read_block): Ditto. + + gpg: Fix "Too many open files" when using --multifile. + + commit f7f3043653abe699602f910ddd09c1405675c7f6 + * common/miscellaneous.c (is_file_compressed): Don't cache the file. + + dirmngr: Implement timeout for dirmngr_ldap under Windows. 
+ + commit 007dde93cc3971cb51d08e8c082e172506ae7f80 + * dirmngr/dirmngr_ldap.c (alarm_thread) [W32]: New. + (set_timeout): Implement for W32. + + build: New configure option to help with nPth debugging. + + commit ddfd39e91a532fd31cd0c20c5d4cf9643acc58bd + * configure.ac: Add option --enable-npth-debug + +2018-05-02 Andre Heinecke <aheinecke@intevation.de> + + common,w32: Hide spawned processes by default. + + commit 3bd793256e2e4be52075d50ccf2df70c4a2e1a0f + * common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE + instead of SW_MINIMIZE. + +2018-04-30 Werner Koch <wk@gnupg.org> + + dirmngr: Sleep in the ldap wrapper thread. + + commit a598bbeeafa30f7854230eed212b76d5c5c77f86 + * dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list. + (ldap_reaper_thread): Protect all list modification with a mutex. Use + a condition var to wake up the reaper thread. + +2018-04-27 Werner Koch <wk@gnupg.org> + + dirmngr: Use the LDAP wrapper process also for Windows. + + commit f9fbfc64e402bd41815a68426f55565fa6d5c726 + * dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for + portability. + * configure.ac: Always use the ldap wrapper. + + dirmngr: Silence log output from dirmngr_ldap. + + commit d22506a343cec61b7d1a48c970b63a8458b267ab + * dirmngr/dirmngr_ldap.c: Remove assert.h. + (main): Replace assert by log_assert. + * dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass + verbose options to dirmngr_ldap. + (start_cert_fetch_ldap): Ditto. + +2018-04-26 Werner Koch <wk@gnupg.org> + + dirmngr: Lower the dead host resurrection time to 1.5h. + + commit 5789afc840cf79ba2a8cebd9d772ef9c3868c5e9 + * dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease. + (INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely + for development. + + dirmngr: Fix handling of CNAMEed keyserver pools. + + commit cc66108253c58583d6bad3d1e2da2b004701d0f0 + * dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST. 
+ * dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net. + +2018-04-25 Werner Koch <wk@gnupg.org> + + dirmngr: Add the used TLS library to the debug output. + + commit bb8894760fe87cf46a42599f11eab7e7c7a8eb71 + * dirmngr/http.c (send_request): Print the used TLS library in debug + mode. + + dirmngr: Allow redirection from https to http for CRLs. + + commit 1de4462974113ac18cf98f903e97cd1127fa842f + * dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag. + (KS_HTTP_FETCH_TRUST_CFG): Ditto. + (KS_HTTP_FETCH_NO_CRL): Ditto. + (KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto. + * dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache + and extra_http_trust_flags by a new flags arg. Allow redirectiong + from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set. + * dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE. + * dirmngr/ks-action.c (ks_action_get): Ditto. + (ks_action_fetch): Ditto. + * dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags. + + dirmngr: Implement CRL fetching via https. + + commit 705d8e9cf0d109005b3441766270c0e584f7847d + * dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag. + * dirmngr/http.c (http_register_cfg_ca): New. + (http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag. + * dirmngr/certcache.c (load_certs_from_dir): Call new function. + (cert_cache_deinit): Ditto. + * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. + * dirmngr/ks-engine-http.c (ks_http_fetch): Add new args + 'send_no_cache' and 'extra_http_trust_flags'. Change all callers to + provide the default value. + * dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of + ks_http_fetch. + +2018-04-25 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix printing the keygrip with --card-status. + + commit 71903eee89496e3f1d0a24536bced6ff16df6783 + * g10/card-util.c (current_card_status): Keygrip for Auth is 3. + +2018-04-24 Werner Koch <wk@gnupg.org> + + dirmngr: Fallback to CRL if no default OCSP responder is configured. 
+ + commit 460e3812be711bd18195053d74aa736215f21eee + * dirmngr/server.c (cmd_isvalid): Use option second arg to trigger + OCSP checkibng. Fallback to CRL if no default OCSP responder has been + configured. + * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly. + +2018-04-20 Andre Heinecke <aheinecke@intevation.de> + + dirmngr: More binary I/O on Windows for CRLs. + + commit 64c1fddb253061a9773c6c4ed2a9c5a54702d21b + * dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache + file in binary mode. + + doc: Remove unneccesary empty flags in vsndf.prf. + + commit a44ed3d9a1ad5bd96694f10ea5523c517982017e + * doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags. + +2018-04-16 emma peel <emma.peel@aktivix.org> + + po: more updates to Spanish translation. + + commit acd6d5ff7436bb7fba171ced3294046a14fb777d + + + po: correct attribution for Spanish translation. + + commit 21b2e88a7e6c3d7313773c9ffb3e0d1fb2af45df + + + po: correct label tags in Polish translation. + + commit a5290dace7f85d66272af3e14f9f2bc43d2a4af8 + + + po: correct label tags in Finnish translation. + + commit e12475429578add12a53fb2232cb45dc9e2aae1b + + +2018-04-15 Werner Koch <wk@gnupg.org> + + build: New target "release" to automate the release process. + + commit 3b1ee413a65bf566aa8e5f29a5a2cd5a94e66faa + * Makefile.am (RELEASE_ARCHIVE_DIR): New. + (RELEASE_SIGNING_KEY): New. + (AM_DISTCHECK_CONFIGURE_FLAGS): Remove removed --enable-gpg2-is-gpg, + (RELEASE_NAME, RELEASE_W32_STEM_NAME): New. + (release, sign-release): New. + +2018-04-13 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix memory leak in check_sig_and_print. + + commit f747b8f0734338baa1e608b193b213aca2c577e8 + * g10/mainproc.c (check_sig_and_print): Free the public key. + + g10: Push compress filter only if compressed. + + commit c31abf84659dbda5503dd9f3aa3449520bcd1b84 + * g10/compress.c (handle_compressed): Fix memory leak. + +2018-04-12 Werner Koch <wk@gnupg.org> + + gpg: Extend the "sig" record in --list-mode. 
+ + commit 69c3e7acb744e1e5606a4d946e3b948704cfbbae + * g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call + callers. + (get_user_id): Add arg R_NOUID. Change call callers. + * g10/mainproc.c (issuer_fpr_string): Make global. + * g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key + also in --list-mode. Print the "issuer fpr" field also if there is an + issuer fingerprint subpacket. + + gpg: Extend the ERRSIG status line with a fingerprint. + + commit 23a714598c247d78cfda46a6dc338b17e17cc194 + * g10/mainproc.c (issuer_fpr_raw): New. + (issuer_fpr_string): Re-implement using issuer_fpr_rtaw. + (check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW. + Use write_status_printf. Extend ERRSIG status. + + gpg: Relax printing of STATUS_FAILURE. + + commit e2bd152a928d79ddfb95fd2f7911c80a1a8d5a21 + * g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed + return code and not on the presence of any call to log_error. + + agent,dirmngr: Add "getenv" to the getinfo command. + + commit bbb5bfacc0d1f179cfec94fd32fee01a09df0f1d + * agent/command.c (cmd_getinfo): Add sub-command getenv. + * dirmngr/server.c (cmd_getinfo): Ditto. + +2018-04-12 Andre Heinecke <aheinecke@intevation.de> + + build: Update getswdb version check to 2.2. + + commit 327fece0aed2c9974659c72304f9fd1f461d460c + * build-aux/getswdb.sh: Check for gnupg22_ver gnupg21_ver no + longer exists. + +2018-04-11 Werner Koch <wk@gnupg.org> + + gpg: New option --no-symkey-cache. + + commit 789d240cb40ab36406a7c57ad49897e0bafbb41e + * g10/gpg.c (oNoSymkeyCache): New. + (opts): Add that option. + (main): Set var. + * g10/options.h (struct opt): New field no_symkey_cache. + * g10/passphrase.c (passphrase_to_dek): Implement that feature. + +2018-04-10 Werner Koch <wk@gnupg.org> + + agent: Improve the unknown ssh flag detection. + + commit 9f69dbeb902ac447adbc92937cd451c4e909f234 + * agent/command-ssh.c (ssh_handler_sign_request): Simplify detection + of flags. 
+ +2018-04-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + agent: unknown flags on ssh signing requests cause an error. + + commit 381c46818ffa4605d0ca39818fe317de445eb6de + * agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed + during an signature request that we do not know how to apply, return + GPG_ERR_UNKNOWN_OPTION. + + agent: change documentation reference for ssh-agent protocol. + + commit 55435cdd4fe4fbfbcba1098bb715ecd6171ba2d8 + * agent/command-ssh.c: repoint documentation reference. + +2018-04-09 Werner Koch <wk@gnupg.org> + + Release 2.2.6. + + commit 6fbe2ddbaf5123ae444c95fdf8da67840f794c76 + + + gpg,w32: Fix empty homedir when only a drive letter is used. + + commit 6da7aa1e7c80d214bd9dccb21744919ae191f2c8 + * common/homedir.c (copy_dir_with_fixup): New. + (default_homedir): Use here. + (gnupg_set_homedir): And here . + + doc: Document --key-edit:change-usage. + + commit a4e26f2ee852003707857ab0635b783acb89a2f8 + * g10/keyedit.c (menu_changeusage): Make strings translatable. + +2018-04-06 Werner Koch <wk@gnupg.org> + + gpg: Check that a key may do certifications. + + commit 1a5d95e7319e7e6f0dd11064a26cbbc371b05214 + * g10/sig-check.c (check_signature_end_simple): Check key usage for + certifications. + (check_signature_over_key_or_uid): Request usage certification. + + gpg: Emit FAILURE stati now in almost all cases. + + commit 0336e5d1a7b9d46e06c838e6a98aecfcc9542882 + * g10/cpr.c (write_status_failure): Make it print only once. + * g10/gpg.c (wrong_args): Bump error counter. + (g10_exit): Print a FAILURE status if we ever did a log_error etc. + (main): Use log_error instead of log_fatal at one place. Print a + FAILURE status for a bad option. Ditto for certain exit points so + that we can see different error locations. + + gpg: Re-indent sig-check.c and use signature class macros. + + commit 5ba74a134db431530884f03eea5410a68dbfe0f5 + * g10/keydb.h (IS_BACK_SIG): New. + * g10/sig-check.c: Re-indent and use macros. 
+ +2018-04-06 NIIBE Yutaka <gniibe@fsij.org> + + agent: Support SSH signature flags. + + commit 80b775bdbb852aa4a80292c9357e5b1876110c00 + * agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New. + (SSH_AGENT_RSA_SHA2_512): New. + (ssh_handler_sign_request): Override SPEC when FLAGS + is specified. + +2018-04-05 NIIBE Yutaka <gniibe@fsij.org> + + g10: Let card-edit/key-attr show message when change. + + commit 870527df0dd704c994928348c8c2910030776680 + * g10/card-util.c (ask_card_rsa_keysize): Don't show message here. + (ask_card_keyattr): Show message when change, also for ECC. + +2018-04-04 NIIBE Yutaka <gniibe@fsij.org> + + tests: Fix no gpg-agent upon removal of GNUPGHOME. + + commit 83529e1bd14a6d39f2a8ecab9fb6aa4c1f344c73 + * tests/gpgscm/gnupg.scm (with-ephemeral-home-directory): Add + teadown-fn. + * tests/gpgsm/export.scm: Use -no-atexit version and stop-agent. + * tests/openpgp/decrypt-session-key.scm: Likewise. + * tests/openpgp/decrypt-unwrap-verify.scm: Likewise. + * tests/openpgp/defs.scm (have-opt-always-trust): Likewise. + (setup-environment-no-atexit): New. + (start-agent): Support no use of atexit. + * tests/gpgsm/gpgsm-defs.scm (setup-gpgsm-environment-no-atexit): New. + * tests/migrations/common.scm (untar-armored): Follow the change + of with-ephemeral-home-directory. + +2018-04-03 NIIBE Yutaka <gniibe@fsij.org> + + scd: Writing KDF resets auth state. + + commit cb1731c23cddfa524d3f51cfd82029bff853a073 + * scd/app-openpgp.c (do_setattr): Clear auth state. + +2018-04-02 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix filtering by PK->REQ_USAGE. + + commit a17d2d1f690ebe5d005b4589a5fe378b6487c657 + * g10/getkey.c (get_pubkey_byfprint): Filter by PK->REQ_USAGE. + +2018-03-30 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix card-edit/kdf-setup for single salt. + + commit 130ad98240c066383fa0a99bcf5e0ec72bc0dff9 + * g10/card-util.c (gen_kdf_data): Use SALT_USER. + + g10,scd: Support single salt for KDF data object. 
+ + commit 0c097575a9cd923f648fb5bb695893d46400c3ad + * g10/card-util.c (gen_kdf_data): Support single salt. + (kdf_setup): Can have argument for single salt. + * scd/app-openpgp.c (pin2hash_if_kdf): Support single salt. + + g10: Add "key-attr" command for --card-edit. + + commit 820380335a20391e0998fb1ba32ebfb9accedc5b + * g10/card-util.c (key_attr): New explicit command. + (generate_card_keys, card_generate_subkey): Don't ask key attr change. + (card_edit): Add for cmdKEYATTR. + + scd: Support changing key attribute back to RSA. + + commit 29692718768c28c524be6306081ab1852e75fe07 + * scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA. + +2018-03-29 NIIBE Yutaka <gniibe@fsij.org> + + g10: Support key attribute change at --card-edit/generate. + + commit a1515b3bbc10a210040dda3b482bcdb933fa8d7c + * g10/card-util.c (ask_card_rsa_keysize): Drop support for magic + number 25519 for ed25519/cv25519. Rename from ask_card_keyattr. + (ask_card_keyattr): Support ECC, as well as RSA. + (do_change_keyattr): Support ECC dropping magical number 25519. + * g10/keygen.c (ask_curve): Allow call from outside, adding last arg + of CURRENT. + (generate_keypair): Follow the change of ask_curve. + (generate_subkeypair): Likewise. + + g10: check_pin_for_key_operation should be just before genkey. + + commit 02d7bb819ff44cc90212568dd6ce24ae1dc5d17f + * g10/card-util.c (generate_card_keys): Check PIN later. + (card_generate_subkey): Likewise. + +2018-03-28 NIIBE Yutaka <gniibe@fsij.org> + + g10: Change ask_curve so that it can be used outside. + + commit e610d51f0de11154050915b951bcc5c53c940f5e + * g10/call-agent.h (struct key_attr): New. + * g10/keygen.c (ask_curve): Return const char *. No allocation. + (quick_generate_keypair): Follow the change. + (generate_keypair, generate_subkeypair): Likewise. + (parse_algo_usage_expire): Return const char *. + +2018-03-27 NIIBE Yutaka <gniibe@fsij.org> + + agent,scd: Use pointer to represent HANDLE. 
+ + commit 96918346beeca7a46de9f03f19502373994c21bc + * agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p. + * scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *. + +2018-03-27 Werner Koch <wk@gnupg.org> + + agent: Make the request origin a part of the cache items. + + commit 02dce8c0cc57deb2095a9b06aeb8f4dea34eef7e + * agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all + callers to pass it. + (agent_get_cache): Ditto. + + * agent/cache.c (struct cache_items_s): Add field 'restricted'. + (housekeeping): Adjust debug output. + (agent_flush_cache): Ditto. + (agent_put_cache): Ditto. Take RESTRICTED into account. + (agent_get_cache): Ditto. + +2018-03-26 Werner Koch <wk@gnupg.org> + + gpg: Auto-fix a broken trustdb with just the version record. + + commit eb68c2d3d1b03a18cd24406fa46d4c30cb13d9f7 + * g10/tdbio.c (get_trusthashrec): Create hashtable on error. + + gpg: Pass CTRL arg to get_trusthashrec. + + commit a750ebebf35a392f1c72d6aee5618df0d9f25ff7 + * g10/tdbio.c (get_trusthashrec): Add arg CTRL. + (tdbio_search_trust_byfpr): Ditto. + (tdbio_search_trust_bypk): Ditto. + + gpg: Return better error codes in case of a too short trustdb. + + commit 403aa70c52e56614d65490dea9344113f9cf3d29 + * g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF. + (tdbio_new_recnum): Never return on error. + (lookup_hashtable): Print a more descriptive error in case of !TABLE. + + gpg: Fix trustdb updates without lock held. + + commit 456a3a8e93ea14f821e0e98fb515f284ece98685 + * g10/tdbio.c (is_locked): Turn into a counter. + (take_write_lock, release_write_lock): Implement recursive locks. + + gpg: Disable unused code parts in tdbio.c. + + commit 5f00531463ebc0e606c502696962426007545bb7 + * g10/tdbio.c (in_transaction): Comment this var. + (put_record_into_cache): Comment the transaction code. + (tdbio_sync): Ditto + +2018-03-23 Werner Koch <wk@gnupg.org> + + sm: Add OPTION request-origin. 
+ + commit 137644c9cb58deaaba6850f2763d9c5f9241cb0b + * sm/server.c: Include shareddefs.h. + (option_handler): Add option. + + gpg,sm: New option --request-origin. + + commit 2cd35df5db3c4dfe37616dcfb1fcc644959449ef + * g10/gpg.c (oRequestOrigin): New const. + (opts): New option --request-origin. + (main): Parse that option. + * g10/options.h (struct opt): Add field request_origin. + * g10/call-agent.c (start_agent): Send option to the agent. + * sm/gpgsm.c (oRequestOrigin): New const. + (opts): New option --request-origin. + (main): Parse that option. + * sm/gpgsm.h (struct opt): Add field request_origin. + * sm/call-agent.c (start_agent): Send option to the agent. + + agent: New OPTION pretend-request-origin. + + commit 05c55ee260edc07cd19da56dfd00347bfe3f529c + * common/shareddefs.h (request_origin_t): New. + * common/agent-opt.c (parse_request_origin): New. + (str_request_origin): New. + * agent/command.c (option_handler): Implement new option. + +2018-03-23 NIIBE Yutaka <gniibe@fsij.org> + + build: Fix the manual source field. + + commit 5400a5bb77bddcb14c94d9405312d6181322b090 + + +2018-03-22 Werner Koch <wk@gnupg.org> + + gpg: Implement --dry-run for --passwd. + + commit 165bc38cefbc03515403b60b704cabf4dc0b71f4 + * g10/keyedit.c (change_passphrase): Take care of --dry-run. + +2018-03-22 NIIBE Yutaka <gniibe@fsij.org> + + scd: Support KDF DO setup. + + commit 0152ba7c987443d641ce1091c79f90ef2cc46498 + * g10/call-agent.c (learn_status_cb): Parse the capability for KDF. + * g10/card-util.c (gen_kdf_data, kdf_setup): New. + (card_edit): New admin command cmdKDFSETUP to call kdf_setup. + * scd/app-openpgp.c (do_getattr): Emit KDF capability. + +2018-03-21 Werner Koch <wk@gnupg.org> + + gpg: Fix out-of-bound read in subpacket enumeration. + + commit 983f7b2acbd1e7580652bbeb0c3d64f9dd19d9e4 + * g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading + the type octet. Print diagnostic. 
+ +2018-03-19 NIIBE Yutaka <gniibe@fsij.org> + + scd: signal mask should be set just after npth_init. + + commit 11bbd99477ef5ba5b7db0c17607b10af03c68afb + * scd/scdaemon.c (setup_signal_mask): New. + (main): Call setup_signal_mask. + (handle_connections): Remove signal mask setup. + +2018-03-16 NIIBE Yutaka <gniibe@fsij.org> + + scd: Better user interaction for factory-reset. + + commit 2c85e202bc30231b9555100dec0c490c60d7b88c + * g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte. + Connect the card again at the last step. + +2018-03-15 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix suspend/resume handling for CCID driver. + + commit fd23a0524d8060ed12d87c679b7823686614aaee + * scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb + to see if it's suspend/resume. + +2018-03-13 NIIBE Yutaka <gniibe@fsij.org> + + scd: After fatal error, shutdown a reader. + + commit c84bae69e9e02923f7180e09d161cb0b13257436 + * scd/apdu.c (pcsc_send_apdu): Notify main loop after + fatal errors. + + scd: Fix for GNU/Linux suspend/resume. + + commit 71e5282c25ba812c7091e587edd721839bc4c2ac + * configure.ac (require_pipe_to_unblock_pselect): Default is "yes". + * scd/scdaemon.c (scd_kick_the_loop): Minor clean up. + +2018-03-12 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix typo in previous commit. + + commit 655f0b9ad0138e6f960bf4befaf0eea569256614 + + +2018-03-09 NIIBE Yutaka <gniibe@fsij.org> + + scd: More fix with PC/SC for Windows. + + commit 1e27c0e04cd3280d498dc8b72d2e410f6287f656 + * scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS. + Add debug log. + +2018-03-08 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix status check when using PC/SC. + + commit f8b8b6aac2ca1cb34d7a346aee1d874e7650557b + * scd/apdu.c (struct reader_table_s): Add field of current_state. + (new_reader_slot): Initialize current_state. + (pcsc_get_status): Keep the status in READER_TABLE array. + Return SW_HOST_NO_READER when PCSC_STATE_CHANGED. 
+ * scd/scdaemon.c (handle_connections): Silence a warning. + +2018-03-06 Werner Koch <wk@gnupg.org> + + agent: Also evict cached items via a timer. + + commit f060cb5c63923d6caec784f65f3bb0aadf52f795 + * agent/cache.c (agent_cache_housekeeping): New func. + * agent/gpg-agent.c (handle_tick): Call it. + +2018-03-01 Werner Koch <wk@gnupg.org> + + gpg: Print the keygrip with --card-status. + + commit fd595c9d3642dba437fbe0f6e25d7aaaae095f94 + * g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and + grp3. + * g10/call-agent.c (unhexify_fpr): Allow for space as delimiter. + (learn_status_cb): Parse KEYPARIINFO int the grpX fields. + * g10/card-util.c (print_keygrip): New. + (current_card_status): Print "grp:" records or with --with-keygrip a + human readable keygrip. + +2018-02-28 Andre Heinecke <aheinecke@intevation.de> + + gpgconf, w32: Allow UNC paths. + + commit e43844c3b0b9ec93b7f2a88752bcd6b6244aacfb + * tools/gpgconf-comp.c (get_config_filename): Allow UNC paths. + +2018-02-22 Michał Górny <mgorny@gentoo.org> + + dirmngr: Handle failures related to missing IPv6 gracefully. + + commit ecfc4db3a2f8bc2652ba4ac4de5ca1cd13bfcbec + * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more + error codes. + +2018-02-22 Werner Koch <wk@gnupg.org> + + Release 2.2.5. + + commit 9581a65ccc10daededc05c55391a04022f794a4a + + + gpg: Don't let gpg return failure on an invalid packet in a keyblock. + + commit b375d50ee4ce52c9b0f0855ec155be027642fb05 + * g10/keydb.c (parse_keyblock_image): Use log_info instead of + log_error for skipped packets. + * g10/keyring.c (keyring_get_keyblock): Ditto. + +2018-02-22 NIIBE Yutaka <gniibe@fsij.org> + + g10: Select a secret key by checking availability under gpg-agent. + + commit 88e766d3915c2919e9968148ebb30463d4a673e4 + * g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm + by agent_probe_secret_key. + (get_pubkey_fromfile, lookup): Supply WANT_SECRET argument. 
+ +2018-02-20 Werner Koch <wk@gnupg.org> + + wks: Add special mode to --install-key. + + commit 685a5e1558b2252ac895637fb857f6f7bb85ea7b + * tools/gpg-wks-client.c (get_key_status_parm_s) + (get_key_status_cb, get_key): Move to ... + * tools/wks-util.c: ...here. + (get_key): Rename to wks_get_key. + * tools/gpg-wks-server.c: Include userids.h. + (command_install_key): Allow use of a fingerprint. + + wks: Implement server command --install-key. + + commit ee474856ec16ff11d922d8503fb3ede77129c4aa + * tools/wks-util.c (wks_filter_uid): Add arg 'binary'. + * tools/gpg-wks-server.c (main): Expect 2 args for --install-key. + (write_to_file): New. + (check_and_publish): Factor some code out to ... + (compute_hu_fname): ... new. + (command_install_key): Implement. + + wks: Support alternative submission address. + + commit 1877603761911ea5b1c15f4aef11a2cf86a8682c + * tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'. + * tools/wks-util.c (wks_parse_policy): Parse that field. + (wks_free_policy): New. + * tools/gpg-wks-client.c (command_send): Also try to take the + submission-address from the policy file. Free POLICY. + * tools/gpg-wks-server.c (process_new_key): Free POLICYBUF. + (command_list_domains): Free POLICY. + +2018-02-15 Werner Koch <wk@gnupg.org> + + kbx: Fix detection of corrupted keyblocks on 32 bit systems. + + commit 5e3679ae395e7a7e44f218f07bbe487429f1b279 + * kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN + checking. + (blob_cmp_fpr_part): Ditto. + (blob_cmp_name): Ditto. + (blob_cmp_mail): Ditto. + (blob_x509_has_grip): Ditto. + (keybox_get_keyblock): Check OFF and LEN using a 64 bit var. + (keybox_get_cert): Ditto. + +2018-02-15 NIIBE Yutaka <gniibe@fsij.org> + + gpg: Fix reversed messages for --only-sign-text-ids. + + commit ca138d5bf36accde2fd755249b470a8dc8743c95 + * g10/keyedit.c (keyedit_menu): Fix messages. 
+ +2018-02-14 Katsuhiro Ueno <uenobk@gmail.com> + + agent: Avoid appending a '\0' byte to the response of READKEY. + + commit df97fe24807826ddc2af0e45e416fb81c5666f88 + * agent/command.c (cmd_readkey): Set pkbuflen to the length of the output + without an extra '\0' byte. + +2018-02-14 Werner Koch <wk@gnupg.org> + + sm: Fix minor memory leak in --export-p12. + + commit 80719612b7e92aff5887f2a68d550a24f350722c + * sm/export.c (gpgsm_p12_export): Free KEYGRIP. + +2018-02-14 Katsuhiro Ueno <uenobk@gmail.com> + + sm: Fix a wrong key parameter in an exported private key file. + + commit 29aac7798085ee38da5107698618890ae7593c96 + * sm/export.c (sexp_to_kparms): Fix the computation of array[6], + which must be 'd mod (q-1)' but was 'p mod (q-1)'. + +2018-02-14 Werner Koch <wk@gnupg.org> + + common: Use new function to print status strings. + + commit f19ff78f0fbfc2793d8a9ab0173486bf712871ac + * common/asshelp2.c (vprint_assuan_status_strings): New. + (print_assuan_status_strings): New. + * agent/command.c (agent_write_status): Replace by call to new + function. + * dirmngr/server.c (dirmngr_status): Ditto. + * g13/server.c (g13_status): Ditto. + * g13/sh-cmd.c (g13_status): Ditto. + * sm/server.c (gpgsm_status2): Ditto. + * scd/command.c (send_status_info): Bump up N. + +2018-02-13 Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr> + + scd: Improve KDF-DO support. + + commit 25f3b69129015c54392636818c8846e236f5cb2c + * scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO. + +2018-02-12 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix handling for Data Object with no data. + + commit 0a3bec2c2525935362f87dce93d7df2c8d498498 + * scd/app-openpgp.c (get_cached_data): Return NULL for Data Object + with no data. + +2018-02-09 Andre Heinecke <aheinecke@intevation.de> + + doc: Add compliance de-vs to gpgsm in vsnfd.prf. + + commit e0658b19d93b38ed9ebd07734c4678acdde1607d + * doc/examples/vsnfd.prf: Set complaince mode for gpgsm. 
+ +2018-02-07 NIIBE Yutaka <gniibe@fsij.org> + + scd: Use pipe to kick the loop on NetBSD. + + commit 015fe1c47b91da340e9df6bed908e0747ae8c60b + * configure.ac (HAVE_PSELECT_NO_EINTR): New. + * scd/scdaemon.c (scd_kick_the_loop): Write to pipe. + (handle_connections): Use pipe. + +2018-01-29 NIIBE Yutaka <gniibe@fsij.org> + + tests: Fix for NetBSD with __func__. + + commit 64aa98c8a05513d9c00f53a2b880d80f9035333e + * tests/asschk.c: Don't define __func__ if available. + +2018-01-27 Werner Koch <wk@gnupg.org> + + dirmngr: Improve assuan error comment for cmd keyserver. + + commit f8e868d9dfb6fc1390e421e7993a1d076309ed83 + * dirmngr/server.c: Add error comment in case --resolve fails in + ensure_keyserver. + +2018-01-26 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix last commit. + + commit d7207b39b71d1b07c4cddac602f29ec583f6d1ad + * configure.ac: Check ucred.h as well as sys/ucred.h. + * agent/command-ssh.c: Add inclusion of ucred.h. + + agent: More fix for get_client_pid for portability. + + commit 08e686a6a6d5bcb5410228b388745d09686b260c + * configure.ac: Check sys/ucred.h instead of ucred.h. + * agent/command-ssh.c: Include sys/ucred.h. + +2018-01-22 NIIBE Yutaka <gniibe@fsij.org> + + scd: Support KDF Data Object of OpenPGPcard V3.3. + + commit 91303b7df9c3e810cfcd4920f78bac6f8b7df2b2 + * scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support. + (pin2hash_if_kdf): New. + (verify_a_chv): Add PINLEN arg. Use pin2hash_if_kdf. + (verify_chv2, do_sign): Follow the change of verify_a_chv. + (verify_chv3, do_change_pin): Use pin2hash_if_kdf. + +2018-01-18 Werner Koch <wk@gnupg.org> + + gpg: Fix the use of future-default with --quick-add-key. + + commit e1e35db510c9222e7a7dc208c2e49df556954170 + * g10/keygen.c (parse_key_parameter_part): Add arg clear_cert. + (parse_key_parameter_string): Add arg suggested_use and implement + fallback. Change callers to pass 0 for new arg. 
+ (parse_algo_usage_expire): Pass the parsed USAGESTR to + parse_key_parameter_string so that it can use it in case a subkey is + to be created. + +2018-01-09 Andre Heinecke <aheinecke@intevation.de> + + doc: Note pinentry-mode for passphrase opts. + + commit 6fb5713f4a6976900cc70c140e61043b6ef688d1 + * doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd): + Note that pinentry-mode needs to be loopback. + +2018-01-08 Werner Koch <wk@gnupg.org> + + gpg: Print all keys with --decrypt --list-only. + + commit 339b3301ee8410fe3bbdebb66a6e83801d79d40d + * g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for + list-only and put the key into PKENC_LIST. + (print_pkenc_list): Take care of the new error code. + +2018-01-01 Werner Koch <wk@gnupg.org> + + gpg: Allow "futuredefault" as alias for "future-default". + + commit 4d3c500f4793eb263940ff5ef87ec4ead63c9b4b + * g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and + use case-insensitive matching + (quick_generate_keypair): Ditto. + (parse_algo_usage_expire): Ditto. + +2017-12-29 Werner Koch <wk@gnupg.org> + + gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms. + + commit 412bb7a801f242d47a82712080cce6ddbb843166 + * g10/keygen.c (gen_ecc): Map curve names. + +2017-12-27 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix for inactive card at start by internal CCID driver. + + commit 4f88b0f56134af2ce56d434b7acd47fcf9b6f7cf + * scd/ccid-driver.c (do_close_reader): Set NULL on close. + (bulk_in): Move DEBUGOUT and check by EP_INTR. + (ccid_get_atr): Clear powered_off flag after initial status check. + +2017-12-22 Werner Koch <wk@gnupg.org> + + kbx: Simplify by removing custom memory functions. + + commit f3ba66781a07af2e32f5887e6e15acdd4822a431 + * kbx/keybox-util.c (keybox_set_malloc_hooks): Remove. + (_keybox_malloc, _keybox_calloc, keybox_realloc) + (_keybox_free): Remove. + (keybox_file_rename): Remove. Was not used. 
+ * sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks. + * kbx/kbxutil.c (main): Ditto. + * kbx/keybox-defs.h: Remove all separate includes. Include util.h. + remove convenience macros. + * common/logging.h (return_if_fail): New. Originally from + keybox-defs.h but now using log_debug. + (return_null_if_fail): Ditto. + (return_val_if_fail): Ditto. + (never_reached): Ditto. + +2017-12-20 Werner Koch <wk@gnupg.org> + + common: Use larger buffer for homedir in case of 64 bit UIDs. + + commit 290348e349e8d56a856f187a08e913f2ed525b3c + * common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6 + bytes for "/gnupg". + + Release 2.2.4. + + commit 558b17593ae97b8a07d06bf0d6af1a626b304501 + + +2017-12-19 Petr Pisar <petr.pisar@atlas.cz> + + po: Update Czech translation. + + commit 43aaf60449036e870cc25b77fbb7312cf3fb534c + + +2017-12-19 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit c7b8ec6c8e57797f0b77dbf7fca85fb600323328 + + +2017-12-19 Werner Koch <wk@gnupg.org> + + wks: New server options --check, --with-dir, with-file. + + commit 7449063b1af2eef73d621a69cdb2fb713ab1ae6c + * tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const. + (opts): New options --check, --with-dir, and --with-file. + (main): Call command_check_key. + (command_list_domains): Implement option --with-dir. + (fname_from_userid): New. + (command_check_key): New. + (command_remove_key): Implement existsing command. + (command_revoke_key): Call command_remove_key as a simple + implementation. + +2017-12-18 Werner Koch <wk@gnupg.org> + + conf: New option --status-fd. + + commit 482e000b8a7e336f342a7fac3b7379257e944b6e + * tools/gpgconf.c (oStatusFD): New const. + (opts): New option --status-fd. + (statusfp): New var. + (set_status_fd): New. + (gpgconf_write_status): New. + (gpgconf_failure): New. + (main): Set status fd and replace exit by gpgconf_failure. + * tools/gpgconf-comp.c: Repalce exit by gpgconf_failure. 
+ (gc_process_gpgconf_conf): Print a few warning status messages. + + gpgconf: Show --compliance in expert mode. + + commit d74c40cef0a97cd98aa05f13b1541a94eda502a6 + * tools/gpgconf-comp.c (gc_options_gpg): Set compliance to expert. + (gc_options_gpgsm): Ditto. + + sm: Allow explicit setting of the default --compliance=gnupg. + + commit 8c878ae4c9dfa9fe26aa15f4f9db3e86833575e9 + * sm/gpgsm.c (main): Allow setting of the default compliance. + * tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance". + +2017-12-18 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit e3ddeff66e8c08a37ddf8b6510d69579c245e192 + * po/ja.po: Fix message with no "%s". + +2017-12-13 Werner Koch <wk@gnupg.org> + + gpg: Print a warning for too much data encrypted with 3DES et al. + + commit 416cf9e9be5d2daf0ef629208031989699b3653f + * g10/filter.h (cipher_filter_context_t): Remove unused filed + 'create_mdc'. Turn field 'header' into a bit field. Add new fields + 'short_blklen_warn' and 'short_blklen_count'. + * g10/cipher.c (write_header): Print a warning if MDC is not used. + (cipher_filter): Print a warning for long messages encrypted with a + short block length algorithm. + + gpg: Simplify cipher:write_header. + + commit b5333e13cbc9db354ed90762190bf70605a02d1f + * g10/cipher.c (write_header): Use write_status_printf. + + gpg: Simplify default_recipient(). + + commit 9f641430dcdecbd7ee205d407cb19bb4262aa95d + * g10/pkclist.c (default_recipient): Use hexfingerprint. + + gpg: Return an error from hexfingerprint on malloc error. + + commit cd26c5482b10bee7658959ae913f2ddb83190587 + * g10/keyid.c (hexfingerprint): Return NULL on malloc failure. Chnage + all callers. + + gpg: Remove some xmallocs. + + commit 29119a6492eda5dd7920e45e7f2faa043d436591 + * g10/getkey.c (get_pubkeys): Do not use xmalloc. + +2017-12-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: default-preference-list: prefer SHA512. 
+ + commit 8ede3ae29a39641a2f98ad9a4cf61ea99085a892 + * g10/keygen.c (keygen_set_std_prefs): when producing default internal + personal-digest-preferences, keep the same order. When publishing + external preferences, state preference for SHA512 first. + +2017-12-12 Werner Koch <wk@gnupg.org> + + Change backlog from 5 to 64 and provide option --listen-backlog. + + commit c81a447190d2763ac4c64b2e74e22e824da8aba3 + * agent/gpg-agent.c (oListenBacklog): New const. + (opts): New option --listen-backlog. + (listen_backlog): New var. + (main): Parse new options. + (create_server_socket): Use var instead of 5. + * dirmngr/dirmngr.c: Likewise. + * scd/scdaemon.c: Likewise. + + build: New configure option --enable-run-gnupg-user-socket. + + commit 17efcd2a2acdc3b7f00711272aa51e5be2476921 + * configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define. + * common/homedir.c (_gnupg_socketdir_internal): Add extra directories. + +2017-12-11 Werner Koch <wk@gnupg.org> + + dirmngr: Check for WKD support at session end. + + commit 20b52be9ca29b0bc843fc68a279cb72728ede72f + * dirmngr/domaininfo.c (insert_or_update): Copy the name. + * dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL. + * dirmngr/server.c (set_error): Protect CTX. + (dirmngr_status): Protect against missing ASSUAN_CTX. + (dirmngr_status_help): Ditto. + (dirmngr_status_printf): Ditto. + (cmd_wkd_get): Factor code out to ... + (proc_wkd_get): new func. Support silent operation with no CTX. + (task_check_wkd_support): New. + + dirmngr: Add a background task framework. + + commit f2997adee0455c8c0fa391a853ec1b0c9fc43342 + * dirmngr/workqueue.c: New. + * dirmngr/Makefile.am (dirmngr_SOURCES): Add new file. + * dirmngr/server.c (server_local_s): New field session_id. + (cmd_wkd_get): Add a task. + (task_check_wkd_support): New stub function. + (cmd_getinfo): New sub-commands "session_id" and "workqueue". + (start_command_handler): Add arg session_id and store it in + SERVER_LOCAL. + (dirmngr_status_helpf): New. 
+ * dirmngr/dirmngr.h (wqtask_t): New type. + * dirmngr/dirmngr.c (main): Pass 0 as session_id to + start_command_handler. + (start_connection_thread): Introduce a session_id and pass it to + start_command_handler. Run post session tasks. + (housekeeping_thread): Run global workqueue tasks. + + dirmngr: Limit the number of cached domains for WKD. + + commit 7a663c296e687f12ccd9a21d414de780feb4dfcf + * dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New. + (insert_or_update): Limit the length of a bucket chain. + (domaininfo_print_stats): Print just one summary line. + + (cherry picked from commit 26f08343fbccdbaa177c3507a3c5e24a5cf94a2d) + + dirmngr: Keep track of domains used for WKD queries. + + commit 6c1dcd79cf0977844179d9a7b189c10af5e42a7e + * dirmngr/domaininfo.c: New file. + * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. + * dirmngr/server.c (cmd_wkd_get): Check whether the domain is already + known and tell domaininfo about the results. + +2017-12-08 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix description of shadow format. + + commit 5c121d44443b0a96ec6ea82b90717e3dbafd2cc5 + * agent/keyformat.txt, agent/protect.c, agent/t-protect.c: Fix. + +2017-12-07 Werner Koch <wk@gnupg.org> + + build: Do not define logging.h constants for libgpg-error dev versions. + + commit 2fedf8583bcc493f587c90bc9632d25dfd10bd10 + * common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log + constants. + +2017-12-07 NIIBE Yutaka <gniibe@fsij.org> + + agent: Change intialization of assuan socket system hooks. + + commit b9677ba16f6b386896781a751e4b2fc839e3ec81 + * agent/gpg-agent.c (initialize_modules): Add hook again. + (main): Remove setting of the system houk but add scoket system hook + setting after assuan initialization. + +2017-12-06 NIIBE Yutaka <gniibe@fsij.org> + + agent: Set assuan system hooks before call of assuan_sock_init. + + commit 1524ba9656f0205d8c6ef504f773b832a7a12ab9 + * agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks. 
+ (main): ... here, just before assuan_sock_init. + +2017-12-04 NIIBE Yutaka <gniibe@fsij.org> + Damien Goutte-Gattat <dgouttegattat@incenp.org> + + g10: Fix regexp sanitization. + + commit 0d0b9eb0d4f99e8d293a4ce4b90921a879905115 + * g10/trustdb.c (sanitize_regexp): Only escape operators. + +2017-11-26 Werner Koch <wk@gnupg.org> + + gpg: Do not read from uninitialized memory with --list-packets. + + commit 4cf3cc6e3d48c8400466ca29c3f1c22ed2da6c2c + * g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME. + +2017-11-24 Werner Koch <wk@gnupg.org> + + agent: New option --auto-expand-secmem. + + commit 18af15249de5f826c3fa8d1d40e876734adcd0cf + * agent/gpg-agent.c (oAutoExpandSecmem): New enum value. + (opts): New option --auto-expand-secmem. + (main): Implement that option. + +2017-11-22 Werner Koch <wk@gnupg.org> + + gpg: Fix memory leaking for long inputs via --command-fd. + + commit ea28ea18f3ee6c9f5e69986f39848398b58e242e + * g10/cpr.c (do_get_from_fd): Free the old buffer. + +2017-11-21 NIIBE Yutaka <gniibe@fsij.org> + + scd: Enable card removal check after select_application. + + commit 0bb7fd0cab2d53cd0d44b21301b23edfe817e66b + * scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr. + * scd/app.c (select_application): Always kick the loop if new APP. + * scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open. + (ccid_slot_status): Setup interrupt transfer when !ON_WIRE. + +2017-11-20 Werner Koch <wk@gnupg.org> + + Release 2.2.3. + + commit 97f4feaaca8da4dcf1ca09a2016693155016f06b + + + build: Use -Werror only for the check. + + commit 04d9833e71cc9d0c087faec091c29b0b6cf69488 + * configure.ac: Do not add -Werror to mycflags. + + gpg-agent: Avoid getting stuck in shutdown pending state. + + commit 7ffedfab8909a45a4b0347a5f7b52222e8439f1d + * agent/gpg-agent.c (handle_connections): Always check inotify fds. + +2017-11-20 NIIBE Yutaka <gniibe@fsij.org> + + agent: Use clock or clock_gettime for calibration. 
+ + commit 760aa8aadafb747f33a1461ab0c2570b5ae43716 + * agent/protect.c (calibrate_get_time): Use clock or clock_gettime. + + build: Check -Wlogical-op flag availability with -Werror. + + commit 3ecd1a41be7c880976987d13e88342c98f37e064 + * configure.ac: Use -Werror. + + build: BSD make support for yat2m. + + commit e1984969cac06a88c7e6f5e49e5c3104d10a847d + * configure.ac (YAT2M): Only define when found. + * doc/Makefile.am: Portability fix. + +2017-11-17 Werner Koch <wk@gnupg.org> + + dirmngr: Fix double free of a hash context in the error case. + + commit 2aa106d6a4e2b09c257e8d769895d93ebb7f7edf + * dirmngr/crlcache.c: Clearly document that this fucntions takes + ownership of MD. + (abort_sig_check): Allow NULL for MD. + (crl_parse_insert): Immediately set MD to NULL. Remove check for md + before a calling abort_sig_check. + +2017-11-15 Andre Heinecke <aheinecke@intevation.de> + + w32: Fix default registry path. + + commit 4f5afaf1fdb5cb13859aca390ccb5a1ba1dba00c + * configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash. + + gpgtar: Prefer --set-filename over implicit name. + + commit 878b8bfdcc3a8becfc46b9287a2d14cd3c875f28 + * tools/gpgtar-extract.c: Prefer opt.filename over filename + for the directory prefix. + +2017-11-15 Werner Koch <wk@gnupg.org> + + gpg: Print AKL info only in verbose mode. + + commit b062ea5bc25157c942047b3fe7f5182a06106340 + * g10/getkey.c (get_pubkey_byname): Print info only in verbose mode. + +2017-11-14 Andre Heinecke <aheinecke@intevation.de> + + sm, w32: Fix initial keybox creation. + + commit 5ecef193bc2144e6d51a6bd5727bfd08a0d28b66 + * sm/keydb.c (maybe_create_keybox): Open new keybox in bin mode. + +2017-11-07 Werner Koch <wk@gnupg.org> + + Release 2.2.2. + + commit 5bd515005032f9340bd73e4346bbd0aef8518074 + + + dirmngr: Reduce default LDAP timeout to 15 seconds. + + commit 30f21f8b0fa6844a9bba3f24dc41b3ac32170109 + * dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15. 
+ * dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto. + + (cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f) + + speedo: Include software versions in the W32 README. + + commit 23bfac6d1a8bd2d0af5a6fac3ba3a6e986d6c9e8 + (cherry picked from commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407) + +2017-11-07 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 1941287c9d2c9e666bad1bd330db169f0e3d6b6c + + +2017-11-07 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit 96d441b315ec5c9f329596cfda28ac13a8bfa21a + + +2017-11-06 Werner Koch <wk@gnupg.org> + + agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time". + + commit 3607ab2cf382296cb398a92d5ec792239960bf7b + * agent/command.c (cmd_getinfo): New sub-commands. + * agent/protect.c (get_standard_s2k_count): Factor some code out to ... + (get_calibrated_s2k_count): new. + (get_standard_s2k_time): New. + + (cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856) + + agent: New option --s2k-count. + + commit 78a6d0ce88ae14d8324fbab3aee3286b17e49259 + * agent/agent.h (opt): New field 's2k_count'. + * agent/gpg-agent.c (oS2KCount): New enum value. + (opts): New option --s2k-count. + (parse_rereadable_options): Set opt.s2k_count. + +2017-11-06 NIIBE Yutaka <gniibe@fsij.org> + + g10: Unattended key generation "Key-Grip" and "Subkey-Grip". + + commit 680161647ad56d1ca92988f80bcc4d6fcb20b1eb + * g10/keygen.c (pSUBKEYGRIP): New. + (read_parameter_file): Add "Key-Grip" and "Subkey-Grip". + (do_generate_keypair): Support pSUBKEYGRIP. + + g10: Simplify "factory-reset" procedure. + + commit f183b9768b42a6792c55a6129488bd8fbf5e8e6d + * g10/card-util.c (factory_reset): Simplify. + +2017-11-02 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 6070f5a61d4d17ff437c69e1b708d49d107c22dc + + +2017-11-02 Werner Koch <wk@gnupg.org> + + gpg: Introduce magic value 25519 to switch a card to ECC. 
+ + commit acb300543422c660c87ac2f0211a42f792a65cc4 + * g10/card-util.c (ask_card_keyattr): Handle special value 25519. + (do_change_keyattr): Allow changing to cv25519/ed25519. + (generate_card_keys): Ditto. + (card_generate_subkey): Ditto. + + gpg: Rename two card related functions in card-util. + + commit de3a740c2e1156e58d2f94faa85c051740c8988e + * g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr. + (do_change_rsa_keysize): Rename to do_change_keyattr. + +2017-11-02 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix returning GPG_ERR_NOT_FOUND wrongly. + + commit 3da47d19df89d302c0ea25921f4bd8ce55705afe + * agent/learncard.c (agent_handle_learn): Find SERIALNO. + +2017-11-01 NIIBE Yutaka <gniibe@fsij.org> + + common: Accept the Z-suffix for yymmddThhmmssZ format. + + commit 0e5bd473a07f188615c4fce26b73bb452d689d68 + * common/gettime.c (isotime_p): Accept the Z suffix. + +2017-10-27 NIIBE Yutaka <gniibe@fsij.org> + + agent: Clean up pinentry access locking. + + commit 3924e1442c6625a2b57573a1a634a5ec56b09a29 + * agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE. + * agent/call-pinentry.c (entry_owner): Remove. + (agent_reset_query): Use thread private object of PINENTRY_ACTIVE. + (unlock_pinentry): Add CTRL to arguments to access thread private. + Check and decrement PINENTRY_ACTIVE for recursive use. + (start_pinentry): Check and increment PINENTRY_ACTIVE for recursion. + (agent_askpin): Follow the change of unlock_pinentry API. + (agent_get_passphrase, agent_get_confirmation): Likewise. + (agent_show_message, agent_popup_message_start): Likewise. + (agent_popup_message_stop, agent_clear_passphrase): Likewise. + + agent: Allow recursive use of pinentry. + + commit 4738256f2e0d22302377c9ec7b2ae3999338e6c6 + * agent/agent.h (struct server_control_s): Add pinentry_level. + * agent/call-pinentry.c (agent_popup_message_stop): Not clear + ENTRY_CTX here. + (unlock_pinentry): Handle recursion. Clear ENTRY_CTX here. 
+ (start_pinentry): Allow recursive use. + +2017-10-26 NIIBE Yutaka <gniibe@fsij.org> + + agent, tests: Support --disable-scdaemon build case. + + commit 05cb87276c21c3a47226c75026fa46a955553dd9 + * agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON. + * tests/openpgp/defs.scm (create-gpghome): Likewise. + * tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise. + + Fix comment of configure. + + commit b13972dfbf7224478652038725ab0d2cb41b7303 + * configure.ac (BUILD_WITH_DIRMNGR): Comment fix. + +2017-10-24 Werner Koch <wk@gnupg.org> + + gpg: Avoid superfluous sig check info during import. + + commit 84af859e391a757877c9a1d78e35face983e6d23 + * g10/key-check.c (print_info): New. + (key_check_all_keysigs): Print sig checking results only in debug + mode. Prettify the stats info and suppress them in quiet mode. + + build: New configure option --enable-werror. + + commit 812fe29bff42cf7dbd07e0becc55b2ada340dd97 + * configure.ac: Implement that option. + + build: Do not mess with CFLAGS in configure. + + commit e417aaf69817fcb4a73c38077853dc940a2deabc + * configure.ac: Do not mess with the user provided CFLAGS. + +2017-10-24 Rainer Perske <rainer.perske@uni-muenster.de> + + sm: Do not expect X.509 keyids to be unique. + + commit 1067403c8a7fb51decf30059e46901b5ee9f5b37 + * sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it. + * sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS + (run_command_inq_cb): Ditto. + * sm/gpgsm.c (main): Pass false. + * sm/server.c (cmd_passwd): Pass false. + +2017-10-24 Werner Koch <wk@gnupg.org> + + gpgconf: Ignore non-installed components with --apply-profile. + + commit 6e808ae4700dc5e95bf4cc2d5c063df582c234d0 + * tools/gpgconf-comp.c (retrieve_options_from_program): Add arg + only_installed. + (gc_component_retrieve_options): Use this if we want to process all + components. + + gpg: Improve the "secret key available" notice in keyedit.c. 
+ + commit 560d85ecff4246133d185dc29395f07c918b5556 + * g10/keyedit.c (KEYEDIT_NEED_SUBSK): New. + (cmds): Add this flag to keytocard, bkuptocard, expire, and passwd. + (keyedit_menu): Check whether only subkeys are available and take care + of that in the command check and in the HELP listing. Also print a + different notice if only subkeys are available. + + gpg: Remove unused flags from keyedit.c. + + commit 016538d82867c40a21bc7cbf44ec386f4699077f + * g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove. + (cmds): Remove them. + +2017-10-19 Werner Koch <wk@gnupg.org> + + gpg: Fix creating on-disk subkey with on-card primary key. + + commit 44fb3fbc85b32552c91f32f099b6b246c12ce0cc + * g10/keygen.c (generate_subkeypair): Ignore error code issued for + trying to verify a card based key. + + gpg: Print sec/sbb with --import-option import-show or show-only. + + commit 2c7dccca9b617780a3ea760adf460bb3b77f90f3 + * g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct. + + gpg: Make --dry-run and show-only work for secret keys. + + commit 68c8619114fd5f24cb6bfb9e0f25c428a8805323 + * g10/import.c (import_secret_one): Check for dry-run before + transferring keys. + +2017-10-19 Damien Goutte-Gattat <dgouttegattat@incenp.org> + + dirmngr: Do not follow https-to-http redirects. + + commit 1ba308aa0356a57c21c4c8c2dac75b4d62b8aac3 + * dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from + a https URI to a http URI. + +2017-10-19 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix find_and_check_key for multiple keyrings. + + commit d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb + * g10/pkclist.c (find_and_check_key): Call get_validity on a specific + keyblock. + +2017-10-19 Werner Koch <wk@gnupg.org> + + gpg: Keep a lock during the read-update/insert cycle in import. + + commit 7c73db3d31c6457dfbdc82a8dc89951c023f0603 + * g10/keydb.c (keydb_handle): New field 'keep_lock'. + (keydb_release): Clear that flag. + (keydb_lock): New function. 
+ (unlock_all): Skip if KEEP_LOCK is set. + * g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if + requested. + + gpg: Improve keydb handling in the main import function. + + commit 8448347b5bdee56e6f9938a93ea92fe4d3c8800c + * g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ... + (get_keyblock_byfprint_fast): .. new function. + * g10/import.c (revocation_present): s/int rc/gpg_error_t err/. + (import_one): Use get_keyblock_byfprint_fast to get the keyblock and a + handle. Remove the now surplus keyblock fetch in the merge branch. + + gpg: Simplify keydb handling of the main import function. + + commit 752cae6dd2ee8982a34c796a3f168ae538f7938c + * g10/import.c (import_keys_internal): Return gpg_error_t instead of + int. Change var names. + (import_keys_es_stream): Ditto. + (import_one): Ditto. Use a single keydb_new and simplify the use of + of keydb_release. + + sm: Fix colon listing of fields > 12 in crt records. + + commit 1bf5cbd3ef01b7f5fdcfa30c882047b924dcf3f0 + * sm/keylist.c (print_capabilities): Move colon printing ... + (list_cert_colon): to here. + +2017-09-28 Werner Koch <wk@gnupg.org> + + gpg: Workaround for junk after --trusted-key. + + commit b509d81cab030cca6abf0d878e1fc884eda344e6 + * g10/trust.c (register_trusted_key): Cut off everthing starting as a + hash sign. + +2017-09-19 Werner Koch <wk@gnupg.org> + + Release 2.2.1. + + commit 355ca9e9498740fb6294eec451507b4891ae01ec + + +2017-09-18 Werner Koch <wk@gnupg.org> + + dirmngr: Use system certs if --hkp-cacert is not used. + + commit df692a6167be5486f9a29da003a00292fd895176 + * dirmngr/certcache.c (any_cert_of_class): New var. + (put_cert): Set it. + (cert_cache_deinit): Clear it. + (cert_cache_any_in_class): New func. + * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to + override empty list of HKP certs. + + wks: Create a new user id if provider wants mailbox-only. 
+ + commit 50c8b6c88f5d9f4b6c4e9c03aee31fe29afa94b8 + * tools/gpg-wks-client.c (get_key): Add arg 'exact'. + (add_user_id): New. + (command_send): Create new user id. + + wks: Send only the newest UID to the server. + + commit 7f7f5d06fa5aa3a3c5ab8d2e59ee76207bfdeaa0 + * tools/wks-util.c (list_key_status_cb): Rename to key_status_cb. + (wks_filter_uid): New. + (wks_list_key): Allow FPR to be NULL. Return an error if no + fingerprint was found. + * tools/gpg-wks-server.c (process_new_key) + (check_and_publish): Remove now useless extra check for FPR. + * tools/gpg-wks-client.c (command_check): Ditto. + (command_send): Filter out the newest uid. + + wks: Print the UID creation time with gpg-wks-client --check. + + commit a0035986a8615df056182bb9af775b8b7b22003d + * tools/gpg-wks.h (uidinfo_list_s): Add field 'created'. + * tools/wks-util.c (append_to_uidinfo_list): Add arf 'created'. + (wks_list_key): Pass timestamp to append_to_uidinfo_list. + * tools/gpg-wks-client.c (command_check): Print UID creation time. + + wks: Use dedicated type to convey user ids. + + commit 4e0696de897cac6a34d55a69d8889faf26f1a923 + * tools/gpg-wks.h (uidinfo_list_s, uidinfo_list_t): New. + * tools/wks-util.c (append_to_uidinfo_list): New. + (free_uidinfo_list): New. + (wks_list_key): Change arg r_mboxes to uidinfo_list_t. Use + append_to_uidinfo_list. + * tools/gpg-wks-server.c (sserver_ctx_s): Replace strlist_t by + uidinfo_list_t. + (process_new_key): Ditto. + (check_and_publish): Ditto. + (command_receive_cb): Replace free_strlist by free_uidinfo_list. + * tools/gpg-wks-client.c (command_check): Replace strlist_t by + uidinfo_list_t. Also print user id in verbose mode. + +2017-09-13 Werner Koch <wk@gnupg.org> + + gpgv: Initialize compliance checker. + + commit 006ca124ed95845d43af8c14d7ab2bc085b47b4c + * g10/gpgv.c (main): Call gnupg_initialize_compliance. + +2017-09-12 Werner Koch <wk@gnupg.org> + + wks: Add hack for the broken posteo system. 
+ + commit a821b4f5567d02c3329c2b94a73dcbe12e6699a2 + * tools/gpg-wks-client.c (command_send): Additional hack for posteo. + Check the protocol-version flag. + + wks: Add new policy flag protocol-version. + + commit 332c9eaa2a3c7cae90b389cdaa2c149c5595fb4d + * tools/gpg-wks.h (policy_flags_s): Add field protocol_version. + * tools/wks-util.c (wks_parse_policy): Add new policy flag. + + gpg: Fix "Fix key generation with only an email part". + + commit 8b5a2474f21dd4f1aa2a283e2f57d75e42742af5 + * g10/keygen.c (proc_parameter_file): Don't check the result of + stpcpy. + + wks: Use unencrypted draft-1 mode for posteo.de. + + commit c65a7bba7331975d20910f90cf648b6ecc5410f0 + * tools/gpg-wks-client.c (command_send): Allow sending in draft-1 + mode. + + tools: New function mime_maker_add_body_data. + + commit 7d15ee88980f88ca62fc7de9492dd08e54d0f0f1 + * tools/mime-maker.c (mime_maker_add_body_data): New. + +2017-09-11 NIIBE Yutaka <gniibe@fsij.org> + + tests: Fix a test which specifies expiration date. + + commit a172759b5088ae086c0caa2e7d4d0ea346b28a90 + * tests/openpgp/quick-key-manipulation.scm: Fix expiration time + comparison. + + scd: Fix for large ECC keys. + + commit 827abe01a72a50eab1cdcde78985b42a4a8480fb + * scd/app-openpgp.c (do_decipher): Support larger length. + +2017-09-11 Werner Koch <wk@gnupg.org> + + gpg: Fix key generation with only an email part. + + commit 7089dcc54099a4909ce7d386c07ab87e1398e2eb + * g10/keygen.c (proc_parameter_file): Special case the email only + case. + +2017-08-28 Werner Koch <wk@gnupg.org> + + Release 2.2.0. + + commit 9d80fb8e000189e61c173c39f1e1ca417566a7fc + + +2017-08-27 Werner Koch <wk@gnupg.org> + Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr> + + scd: Convey the correct length for Le. + + commit 45d5f5800afe6613f338a26f361cb5e03e861129 + * scd/app-openpgp.c (determine_rsa_response): Round bits up. + +2017-08-24 Werner Koch <wk@gnupg.org> + + gpg: Fix memory leak while running --check-trustdb. 
+ + commit 13821e15fb9bdddfce79d88731c0f151724b2371 + * g10/trustdb.c (update_min_ownertrust): Free PK. + + gpg: Fix memory leak in sig-check. + + commit b065a696344eac3007dbd5642143ecaaeebab43a + * g10/sig-check.c (check_signature_over_key_or_uid): Remove useless + condition. Actually free when SIGNER was allocated by us. + + build: Remove obsolete option from autogen.rc. + + commit 02a5df614a369519ad7781f95dc977e24a0d4277 + * autogen.rc: Remove --enable-gpg2-is-gpg. + +2017-08-23 Werner Koch <wk@gnupg.org> + + gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve". + + commit 565e486b8028f9e3cc51ebc5202666b598042175 + * g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve". + (main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE. + * tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible. Make + "auto-key-retrieve" an expert option. + + tests: Do not run trust-pgp-4.scm. + + commit b917cb66b79597520788cd9264889942247a3377 + * tests/openpgp/Makefile.am (XTESTS): Remove test. + (EXTRA_DIST): Add test file. + + build: Change SWDB tag "gnupg21" to "gnupg22". + + commit 008ae0bd868cb49ad4d67fc8c71707cd2a162137 + * configure.ac (GNUPG_SWDB_TAG): New ac_define. Set it to "gnupg22". + * tools/gpgconf.c (query_swdb): Use it. + * build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22". + * Makefile.am (distcheck-hook): Ditto. + +2017-08-23 Åka Sikrom <a4@hush.com> + + po: Update Norwegian translation. + + commit fd0e5b60bed1cfc2aed7b2e13cc449f355eac051 + + +2017-08-23 Andre Heinecke <aheinecke@intevation.de> + + agent: Fix string translation for Windows. + + commit 6158811304937b592601ef30c29c5a5cdbaa88ea + * agent/agent.h (L_): Define agent_Lunderscore when simple + gettext is used. + +2017-08-22 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit e6fa6b0ce823effd721c807b2b292287af91c642 + + +2017-08-21 Damien Goutte-Gattat <dgouttegattat@incenp.org> + + tests: Add tests for the PGP trust model. 
+ + commit c23a69970ba38edae9d3b2603825d18fbb732423 + * tests/openpgp/trust-pgp-1.scm: New file. + * tests/openpgp/trust-pgp-2.scm: New file. + * tests/openpgp/trust-pgp-3.scm: New file. + * tests/openpgp/trust-pgp-4.scm: New file. + * tests/openpgp/trust-pgp/common.scm: New file. + * tests/openpgp/trust-pgp/scenario1.asc: New file. + * tests/openpgp/trust-pgp/scenario2.asc: New file. + * tests/openpgp/trust-pgp/scenario3.asc: New file. + * tests/openpgp/trust-pgp/scenario4.asc: New file. + * tests/openpgp/trust-pgp/alice.sec.asc: New file. + * tests/openpgp/trust-pgp/bobby.sec.asc: New file. + * tests/openpgp/trust-pgp/carol.sec.asc: New file. + * tests/openpgp/trust-pgp/david.sec.asc: New file. + * tests/openpgp/trust-pgp/frank.sec.asc: New file. + * tests/openpgp/trust-pgp/grace.sec.asc: New file. + * tests/openpgp/trust-pgp/heidi.sec.asc: New file. + * tests/openpgp/Makefile.am (XTESTS): Add new tests. + (TEST_FILES): Add new files. + (EXTRA_DIST): Add new common file. + + tests: Move some functions into a common module. + + commit cbe54b28bf3610204e12c50c0606df37337a1156 + * tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm + module. + (checktrust): Likewise. + * tests/openpgp/defs.scm (gettrust): New function. + (checktrust): Likewise. + + gpgconf: Make WoT settings configurable by gpgconf. + + commit 0161225457e0609509d0d5f4b80a60a1071b4b48 + * tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth, + completes-needed, and marginals-needed options. + * g10/gpg.c (gpgconf_list): Likewise. + +2017-08-21 Justus Winter <justus@g10code.com> + + gpgscm: Fix -Wimplicit-fallthrough warnings. + + commit 6e596b2a745ae7a75a69038cf00ab4bbae1cebaa + * tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement + is at the front. + (Eval_Cycle): Improve fallthrough annotations. + +2017-08-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: default to --no-auto-key-retrieve. 
+ + commit e6f84116abca2ed49bf14b2e28c3c811a3717227 + * g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the + default keyserver options. + * doc/gpg.texi: document this change. + +2017-08-10 Justus Winter <justus@g10code.com> + + tests: Improve documentation. + + commit 23107ba20f8b4eb5482b480ad6a8af6b39d2bfeb + * tests/openpgp/README: Add quickstart instructions, how to use + shell.scm, remove no longer used MKDATA. + +2017-08-09 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + g10: Write status error on error of --quick-revoke-uid. + + commit 977fc5f0eb9fdee19e66bea8cd2eb5414789b485 + * g10/keyedit.c (keyedit_quick_revuid): Write status error on error. + +2017-08-09 Werner Koch <wk@gnupg.org> + + Release 2.1.23. + + commit e8ffa9a6ca5d76660b67207cd1157068e48483de + + + po: Update German translation. + + commit 2059dbf201963c6f229698ae80c6c774b1f686c8 + + +2017-08-08 Werner Koch <wk@gnupg.org> + + build: New configure option --enable-all-tests. + + commit fb21aa8b50367e2afa13bad73fc21d6f01a97e18 + * configure.ac: New option --enable-all-tests. + * tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*. + * tests/openpgp/all-tests.scm (all-tests): Use that var instead + of *maintainer-mode*. + * Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests. + + gpgscm: Make the test summary stand out. + + commit 0bd19dae1161a71053d794e4f75e66f70445f9f0 + * tests/gpgscm/tests.scm (test-pool): Add delimiter lines. + + sm: Always print the keygrip in colon mode. + + commit 0a8e20c4c639f0c491e2af5ac5fb97005196422b + * sm/keylist.c (list_cert_colon): Always print the keygrip as + described in the manual. + +2017-08-08 Justus Winter <justus@g10code.com> + + gpg: Add option '--disable-dirmngr'. + + commit c4506f624ed6854aa0ba1629aa2d1d43eb26900d + * doc/gpg.texi: Document new option. + * g10/call-dirmngr.c (create_context): Fail if option is given. + * g10/gpg.c (cmd_and_opt_values): New value. + (opts): New option. 
+ (gpgconf_list): Add new option. + (main): Handle new option. + * g10/options.h (struct opt): New field 'disable_dirmngr'. + * tools/gpgconf-comp.c (gc_options_gpg): New option. + +2017-08-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + systemd-user: Drop redundant After=*.socket. + + commit 81074c3b0211854a2dc94600dc892224201536f5 + * doc/examples/systemd-user/*.service: Drop redundant After=*.socket + directive. + + systemd-user: Drop RefuseManualStart=true. + + commit 407da18254dfebcacfaee16952ef0b617b1626ea + * doc/examples/systemd-user/*.service: drop RefuseManualStart=true + +2017-08-07 Justus Winter <justus@g10code.com> + + tests: Do not run all tests unless in maintainer mode. + + commit b0112dbca91e720a4ff622ad0e88d99eba56203a + * configure.ac: Leak the maintainer mode flag into 'config.h'. + * tests/gpgscm/ffi.c: Pass it into the scheme environment. + * tests/openpgp/all-tests.scm: Only run tests against non-default + configurations (keyring, extended-key-format) in maintainer mode. + +2017-08-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + Fix spelling. + + commit a611cba142470c52f3303c512f77ae7d195cc41f + * doc/gpg.texi: s/occured/occurred/ + + Simple typo fix. + + commit f011d8763a009612c858a287cf7cc6a1f1a6d32a + * agent/gpg-agent.c: Correct spelling in comment. + +2017-08-05 Werner Koch <wk@gnupg.org> + + gpg: Install gpg by default under the name gpg. + + commit a69464b0b6dac88b360a13d3faf19dd7f2a0e02b + * configure.ac: Remove option --enable-gpg2-is-gpg. Add option + --enable-gpg-is-gpg2. + * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove + --enable-gpg2-is-gpg. + + gpg: gpgconf needs to support the now default --auto-key-retrieve. + + commit 69e97d909d586160cc0631c9a6f4d3f24bb0c682 + * tools/gpgconf-comp.c (gc_options_gpg): Re-add "auto-key_retrieve". + +2017-08-04 Werner Koch <wk@gnupg.org> + + gpg: Fix memory leak in parse_auto_key_locate. 
+ + commit b70e86fd1050fc6da07a177ed142ae9882b4dd0d + * g10/getkey.c (parse_auto_key_locate): Fix freeing of OPTIONS. + + tests: Adjust tests for changed --auto-key-locate default. + + commit 0767eada1479c0fa9d4b75781a8c2afb67bdbf90 + * tests/openpgp/defs.scm (create-gpghome): Disable new defaults. + + gpg: Make --no-auto-key-retrieve gpgconf-igurable. + + commit 9bb13a0e819334681caca38c9074bd7bfc04e45e + * g10/gpg.c (gpgconf_list): Print no-auto-key-retrieve instead of + auto-key-retrieve. + * tools/gpgconf-comp.c (gc_options_gpg): Replace auto-key-retrieve by + no-auto-key-retrieve and chnage level from invisible to advanced. + + gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve. + + commit 7e1fe791d188b078398bf83c9af992cb1bd2a4b3 + * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default + keyserver options. Set the default for --auto-key-locate to + "local,wkd". Reset that default iff --auto-key-locate has been given + in the option file or in the commandline. + * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. + + agent: Make --no-grab the default. + + commit 3d78ae4d3de08398fabae5821045a3a1da6dadbe + * agent/gpg-agent.c (oGrab): New const. + (opts): New option --grab. Remove description for --no-grab. + (parse_rereadable_options): Make --no-grab the default. + (finalize_rereadable_options): Allow --grab to override --no-grab. + (main) <gpgconflist>: Add "grab". + * tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab". + + gpg: Avoid double fingerprint printing with import-show. + + commit b54d75fb1dcfa2cebb3a2497b81ffb49acac2056 + * g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint + options. + + gpg: New import option show-only. + + commit d9fabcc1989d7235ea0294874803295a30f8711b + * g10/options.h (IMPORT_DRY_RUN): New. + * g10/import.c (parse_import_options): Add "show-only". + (import_one): use that as alternative to opt.dry_run. 
+ +2017-08-03 Werner Koch <wk@gnupg.org> + + wks: Allow gpg-wks-client --supported with just the domain name. + + commit 6cba56d436b56ea5e60042144a8a75a2e80007c8 + * tools/gpg-wks-client.c (command_supported): Hack for missing local + part. + +2017-08-02 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + g10: Always save standard revocation certificate in file. + + commit dcfb01959802b27869528dda1d9a4f5e79574bb5 + * g10/revoke.c (gen_standard_revocation): Set opt.outfile to NULL + temporarily to create certificate in right place. + +2017-08-01 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + Revert "g10: Always save standard revocation certificate in file." + + commit 624cd2d0bf6cc6dd1b79654295dc76f5b2d6d70b + This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe. + + g10: Always save standard revocation certificate in file. + + commit ebc65ff459e6c228fb7406e375819a9fe5637abe + * g10/main.h (open_outfile): New parameter NO_OUTFILE. + * g10/openfile.c (open_outfile): New parameter NO_OUTFILE. If given, + never use opt.outfile. + * g10/revoke.c (create_revocation): If FILENAME is true, also set + NO_OUTFILE to true (for standard revocation certificates). + * g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c, + g10/sign.c: Adjust all other callers. + + artwork: Add icons. + + commit a8d0b8d2333ddab703d1e346e06c106eeeedfd53 + * artwork/icons/index.css: New file. + * artwork/icons/index.html: New file. + * artwork/icons/lock-12.png: New file. + * artwork/icons/lock-128.png: New file. + * artwork/icons/lock-16.png: New file. + * artwork/icons/lock-24.png: New file. + * artwork/icons/lock-256.png: New file. + * artwork/icons/lock-32.png: New file. + * artwork/icons/lock-48.png: New file. + * artwork/icons/lock-64.png: New file. + * artwork/icons/lock-wing-12.png: New file. + * artwork/icons/lock-wing-128.png: New file. + * artwork/icons/lock-wing-16.png: New file. + * artwork/icons/lock-wing-24.png: New file. 
+ * artwork/icons/lock-wing-256.png: New file. + * artwork/icons/lock-wing-32.png: New file. + * artwork/icons/lock-wing-48.png: New file. + * artwork/icons/lock-wing-64.png: New file. + * artwork/icons/lock-wing.svg: New file. + * artwork/icons/lock.svg: New file. + * artwork/icons/wing-12.png: New file. + * artwork/icons/wing-128.png: New file. + * artwork/icons/wing-16.png: New file. + * artwork/icons/wing-24.png: New file. + * artwork/icons/wing-256.png: New file. + * artwork/icons/wing-32.png: New file. + * artwork/icons/wing-48.png: New file. + * artwork/icons/wing-64.png: New file. + * artwork/icons/wing.svg: New file. + +2017-08-01 Werner Koch <wk@gnupg.org> + + gpg,sm: Error out on compliance mismatch while decrypting. + + commit 4e117f206beb38287ddcd3251fb7baabadfbddbb + * g10/pubkey-enc.c (get_session_key): Bail out if the algo is not + allowed in the current compliance mode. + * sm/decrypt.c (gpgsm_decrypt): Ditto. + +2017-08-01 NIIBE Yutaka <gniibe@fsij.org> + + Simple typo fix. + + commit fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb + * tools/rfc822parse.c: Fix. + + po: Update Japanese translation. + + commit 02b571947b9442604faa7509478cd8577c2c0b9c + + +2017-07-31 Werner Koch <wk@gnupg.org> + + dirmngr,w32: Fix http connection timeout problem. + + commit 482fd5758c1b7e1b33c4cb50656e586a3ae16815 + * dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN. + + Explain the "server is older than xxx warning". + + commit 4ad5bc1b6d72483123963c894ee1412b2ceb99b4 + * g10/call-agent.c (warn_version_mismatch): Print a note on how to + restart the servers. + * g10/call-dirmngr.c (warn_version_mismatch): Ditto. + * sm/call-agent.c (warn_version_mismatch): Ditto. + * sm/call-dirmngr.c (warn_version_mismatch): Ditto. + +2017-07-28 Werner Koch <wk@gnupg.org> + + Release 2.1.22. + + commit 7d335ff496b129ee6f33c4ca25bd7a6631a4b590 + + + po: Update German translation. 
+ + commit 339f672dad94b4e0000fd2d3a1f272a4861c91c3 + + + agent: Make --ssh-fingerprint-digest re-readable. + + commit 6c9899bede6ecb2ccf7336d12724090f36a6aa3d + * agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ... + (parse_rereadable_options): here. + (opts): Change its description. + (main) <aGPGConfList>: Include this option. + * tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert + level. + + gpg,sm: String changes for compliance diagnostics. + + commit efe187e8a2b583defdcd9d4b96e3dc83f95bef0d + + + agent: For OCB key files return Bad Passprase instead of Checksum Error. + + commit 5cf95157c5db88dd599ac4d48f619782179b1438 + * agent/protect.c (do_decryption): Map error checksum to bad + passpharse protection + + * agent/call-pinentry.c (unlock_pinentry): Don't munge the error + source for corrupted protection. + + gpg: Minor rework for better readibility of get_best_pubkey_byname. + + commit 1c35e29af95c46475f297d2bd70a5f3bd49d45b1 + * g10/getkey.c (get_best_pubkey_byname): Change return type to + gpg_error_t. Use var name err instead of rc. Move a + gpg_error_from_syserror closer to the call. + + gpg: Fix segv in get_best_pubkey_byname. + + commit 6496dc1f9d2aef3bf8cf950da2434c96f7a0145c + * g10/getkey.c (get_best_pubkey_byname): Init NEW. + + agent: Minor cleanup (mostly for documentation). + + commit 5516ef47a22dfdf9cdf56107f34d2bda9e46deec + * agent/command.c (cmd_pksign): Change var name 'rc' to 'err'. + * agent/findkey.c (read_key_file): Ditto. Change return type to + gpg_error_t. On es_fessk failure return a correct error code. + (agent_key_from_file): Change var name 'rc' to 'err'. + * agent/pksign.c (agent_pksign_do): Ditto. Change return type to + gpg_error_t. Return a valid erro code on malloc failure. + (agent_pksign): Ditto. Change return type to gpg_error_t. replace + xmalloc by xtrymalloc. + * agent/protect.c (calculate_mic): Change return type to gpg_error_t. + (do_decryption): Ditto. Do not init RC. 
+ (merge_lists): Change return type to gpg_error_t. + (agent_unprotect): Ditto. + (agent_get_shadow_info): Ditto. + +2017-07-27 Werner Koch <wk@gnupg.org> + + gpg: Tweak compliance checking for verification. + + commit 6502bb0d2af5784918ebb74242fff6f0a72844bf + * common/compliance.c (gnupg_pk_is_allowed): Rework to always allow + verification. + * g10/mainproc.c (check_sig_and_print): Print a con-compliant warning. + * g10/sig-check.c (check_signature2): Use log_error instead of + log_info. + + gpg,sm: Allow encryption (with warning) to any key in de-vs mode. + + commit 1bd22a85b4f06324037b3500d2fa8af62733c926 + * g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key. + * sm/encrypt.c (gpgsm_encrypt): Ditto. + + gpg,sm: Fix compliance checking for decryption. + + commit a0d0cbee7654ad7582400efaa92d493cd8e669e9 + * common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal + signing check. We don't support Elgamal signing at all. + (gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA. + Check the curvenames for ECDH. + * g10/pubkey-enc.c (get_session_key): Print only a warning if the key + is not compliant. + * sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg + so that we have only one translation. + + gpg: Avoid output to the tty during import. + + commit fcb62fe20f45290bf95703ec3bf4d0b361fa4339 + * g10/key-check.c (key_check_all_keysigs): Add arg mode and change all + output calls to use it. + * g10/keyedit.c (keyedit_print_one_sig): Add arg fp and chnage all + output calls to use it. + (keyedit_menu): Adjust for changes. + * g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp. + * g10/import.c (import_one): Call key_check_all_keysigs with output to + the log stream. + +2017-07-26 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + g10: Make sure exactly one fingerprint is output with --quick-gen-key. 
+ + commit 94eea0ed2c8b47cb0fe02b22cbe668705a5fe0d0 + * g10/keygen.c (do_generate_keypair): Only set fpr in + list_keyblock_direct invocation if neither --fingerprint nor + --with-fingerprints are given. + +2017-07-26 Werner Koch <wk@gnupg.org> + + doc: Add man pages form gpg-wks-server and gpg-wks-client. + + commit be636c3cfca178927b09ef4154c3e555d6f5b1c4 + * doc/wks.texi: New. + * doc/gnupg.texi: Include wks.texi. + * doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi. + (myman_pages): Add new man pages. + + wks: Fix program names in the usage diagnostics. + + commit c76398da5b15df2086f68bc26b7fde75219976c7 + * tools/gpg-wks-client.c (my_strusage): Add case 12. + * tools/gpg-wks-server.c (my_strusage): Add case 12: + +2017-07-26 Andre Heinecke <aheinecke@intevation.de> + + doc: Update vsnfd profile example. + + commit 4f569c69075fddbaea588544a6625c28cb4cb8f4 + * doc/examples/vsnfd.prf: Use rsa3072 + +2017-07-26 Werner Koch <wk@gnupg.org> + + dirmngr: Do not use a blocking connect in Tor mode. + + commit c5e5748480952e5bcedb16f6ce6ef7e435acb3c7 + * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode. + (send_request): Ditto. + + dirmngr: Auto-enable Tor on startup or reload. + + commit fd68bdb61ec4f8441da6d3023a8da4315df54cec + * dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility. + + agent,dirmngr: Check for homedir removal also using stat(2). + + commit d50c2eff8d6931586c527edb3dea98dbc6facdec + * agent/gpg-agent.c (have_homedir_inotify): New var. + (reliable_homedir_inotify): New var. + (main): Set reliable_homedir_inotify. + (handle_tick): Call stat on the homedir. + (handle_connections): Mark availibility of the inotify watch. + * dirmngr/dirmngr.c (handle_tick): Call stat on the homedir. + (TIMERTICK_INTERVAL_SHUTDOWN): New. + (handle_connections): Depend tick interval on the shutdown state. + + agent: Lengthen timertick interval on Unix to 4 seconds. 
+ + commit f4ec7697a9c2d7587794d3bd75efbb0b51d6562f + * agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and + Unix. + +2017-07-25 Werner Koch <wk@gnupg.org> + + common: Strip trailing slashes from the homedir. + + commit 24c7aa0d58e3768690dd8ebef0e8e01af7e80f83 + * common/homedir.c (default_homedir): Strip trailing slashes. + (gnupg_set_homedir): Ditto. + + w32: Also change the directory on daemon startup. + + commit 0ef50340ef68b2541d9a1aafa71f5400aef4dc7e + * agent/gpg-agent.c (main): Always to the chdir. + * dirmngr/dirmngr.c (main): Ditto. + * scd/scdaemon.c (main): Ditto. + + common: New functions gnupg_daemon_rootdir and gnupg_chdir. + + commit 226f143ca01cf335c7c4e3e94c96fb9d271eccc9 + * common/sysutils.c (gnupg_chdir): New. + * common/homedir.c (gnupg_daemon_rootdir): New. + * agent/gpg-agent.c (main): Use these functions instead chdir("/"). + * dirmngr/dirmngr.c (main): Ditto. + * scd/scdaemon.c (main): Ditto. + + gpg: Update key origin info during import merge. + + commit 166d0d7a2439f30c0a250faadc16ce3453447d71 + * g10/import.c (update_key_origin): New. + (merge_blocks): Add arg curtime. + (import_one): Pass curtime to merge_blocks. Call update_key_origin. + + gpg: Store key origin for new userids during import merge. + + commit 84c993d9325fc000acac7950b2dfeefa5976df3b + * g10/import.c (apply_meta_data): Rename to ... + (insert_key_origin): this. Factor code out to ... + (insert_key_origin_pk, insert_key_origin_uid): new funcs. + (import_one): Move insert_key_origin behind clean_key. + (merge_blocks): Add args options, origin, and url. + (append_uid): Rename to ... + (append_new_uid): this. Add args options, curtime, origin, and url. + Call insert_key_origin_uid for new UIDs. + +2017-07-25 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Add annotation for fallthrough. + + commit d40b4a41a8d60292fd4b5b951a19883e31090179 + * dirmngr/dns.c: Add /* FALL THROUGH */ to clarify. 
+ +2017-07-24 Werner Koch <wk@gnupg.org> + + gpg: Extend --key-origin to take an optional URL arg. + + commit 87b5421ca84bbea68217c9ed771ee8c0a98a4d0c + * g10/getkey.c (parse_key_origin): Parse appended URL. + * g10/options.h (struct opt): Add field 'key_origin_url'. + * g10/gpg.c (main) <aImport>: Pass that option to import_keys. + * g10/import.c (apply_meta_data): Extend for file and url. + * g10/keyserver.c (keyserver_fetch): Pass the url to + import_keys_es_stream. + + gpg: Store key origin info for new keys from a keyserver. + + commit 2ca0381d077d766593db26f4215b8eddee8d7963 + * g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was + done by fingerprint. + * g10/import.c (apply_meta_data): Implement that. + + gpg: Store key origin info for new DANE and WKD retrieved keys. + + commit e7068bf92ec5ca5d440346d43a382c1f625b924d + * g10/import.c (apply_meta_data): Remove arg 'merge'. Add arg 'url'. + Implement WKD and DANE key origin. + (import_keys_internal): Add arg 'url' and change all callers. + (import_keys_es_stream): Ditto. + (import): Ditto. + (import_one): Ditto. + * g10/keylist.c (list_keyblock_print): Fix update URL printing. + * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return + the SOURCE. Pass ks_status_cb to assuan_transact. + * g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to + the import function. + + gpg: Filter keys received via DANE. + + commit f6f0dd4d5ea85e0b16e96d7678b1d508182049a8 + * g10/keyserver.c (keyserver_import_cert): Use an import filter in + DANE mode. + + dirmngr: Print a SOURCE status for WKD requests. + + commit e97548223948222a5c22acdf3775c7f93c1e17a9 + * dirmngr/server.c (cmd_wkd_get): Print a SOURCE status. + + dirmngr: New function dirmngr_status_printf. + + commit 9b88cfa0962f28894658cff8777fe7a217c6f700 + * dirmngr/server.c (dirmngr_status_printf): New. 
+ +2017-07-24 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + g10: Make sure to emit NEED_PASSPHRASE on --import of secret key. + + commit 872137b5921dd297e7d2c1def6e3868b7595feb5 + * call-agent.h (agent_import_key): Add keyid parameters. + * call-agent.c (agent_import_key): Set keyid parameters. + * import.c (transfer_secret_keys): Pass keyid parameters. + + w32: Change directory on daemon startup. + + commit 78ebc62604d77600b9865950610717d28c6027a2 + * agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>. + (main) [HAVE_W32_SYSTEM]: Change working directory to \. + * dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>. + (main) [HAVE_W32_SYSTEM]: Change working directory to \. + * scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>. + (main) [HAVE_W32_SYSTEM]: Change working directory to \. + + g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key. + + commit d8e46f10698da0bee4cd58d95f1f9832bdda0c5f + * call-agent.h (agent_export_key): Add keyid parameters. + * call-agent.c (agent_export_key): Set keyid parameters. + * export.c (receive_seckey_from_agent): Pass keyid parameters. + +2017-07-24 NIIBE Yutaka <gniibe@fsij.org> + + scd: Use unsigned int for fields. + + commit 45e40487fb7bb51228c96c8966e38c643a9b9ba5 + * scd/app-openpgp.c (data_objects): Use unsigned ints. + + dirmngr: More minor fix. + + commit ade4b2744c848e07b87afa4f186256c2a2ef1d13 + * dirmngr/http.c (send_request): Care the case of !USE_TLS. + + dirmngr: More minor fixes. + + commit 789401e9557db13422f47a8c09e693f3cee0132b + * dirmngr/http.c (http_verify_server_credentials): Duplicated const. + * dirmngr/ldap.c (parse_one_pattern): Add comment. + + dirmngr: Minor fix for Windows. + + commit 274602820cfbb15c7cdb4525acd9793bdb472e78 + * dirmngr/http.c (connect_with_timeout): Use FD2INT. + + agent: Minor fix for Windows. + + commit 328fca187253c069e3630bd387a71f6d16e9820a + * agent/command-ssh.c (serve_mmapped_ssh_request): Add const + qualifier. 
+ +2017-07-21 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + g10: Avoid caching passphrase for failed symmetric encryption. + + commit e4c720fa3b31ebd3e9d764c6eab02729cf06124c + * g10/mainproc.c (proc_encrypted): If error code is GPG_ERR_CIPHER_ALGO, + assume the symmetric passphrase was wrong and invalidate the cache. + +2017-07-21 Werner Koch <wk@gnupg.org> + + gpg: Extend --quick-set-expire to allow subkey expiration setting. + + commit b55b72bb815ad5870456b89c3a011fa00991b4a8 + * g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs. + (menu_expire): Rename arg force_mainkey to unattended and allow + unattended changing of subkey expiration. + * g10/gpg.c (main): Extend --quick-set-expire. + + gpg: Fix possible double free of the card serialno. + + commit e888f7af6571ecd3994fd55cc18c9e2df7fd0c60 + * g10/free-packet.c (copy_public_key): Copy fields serialno and + updateurl. + + gpg: Use macros to check the signature class. + + commit 5818ff0ae314af08548fcc23df2b807736144a00 + * g10/import.c: Use the extistin macros for better readability. + +2017-07-21 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + g10: Clean keyblock on initial commit. + + commit 609bbdf3614fbadeba7a6cbdfdf5004b23516a64 + * g10/import.c (import_one): If option import-clean is set, + also clean on initial import, not only for merge. + +2017-07-21 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix SEGV in CCID driver. + + commit d8a55da715ce8447b0686f321fa43d00be34a467 + * scd/ccid-driver.c (intr_cb): Only kick the loop for removal. + (bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled. + + g10: Don't limit at the frontend side for card capability. + + commit a76b6cf9709c0a2a89fa2887075491b80f3d9608 + * g10/card-util.c (MAX_GET_DATA_FROM_FILE): New. + (get_data_from_file): Use MAX_GET_DATA_FROM_FILE. + (change_url, change_login, change_private_do): Don't limit. + + scd: Add debug message for v3 card. 
+ + commit 892e86b0dc69193ddff018bf9b3938509dd72cb3 + * scd/app-openpgp.c (show_caps): Output more messages. + +2017-07-20 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + doc: Clarify wording of export-attributes. + + commit cea4313644b531ef87b8c8e4bfddde4388cbbe0d + * doc/gpg.texi: Clarify wording of export-attributes. + +2017-07-20 Werner Koch <wk@gnupg.org> + + gpg: New option --with-key-origin. + + commit 165cdd8121bbf80bfe2da071539d3578630f198f + * g10/getkey.c (parse_key_origin): Factor list out as ... + (key_origin_list): new struct. + (key_origin_string): New. + * g10/gpg.c (oWithKeyOrigin): New const. + (opts): New option --with-key-origin. + (main): Implement option. + * g10/options.h (struct opt): New flag with_key_origin. + * g10/keylist.c (list_keyblock_print): Print key origin info. + (list_keyblock_colon): Ditto. + + common: New function print_utf9_string. + + commit bddc2e04f1ddc18be20efc0f0508be401b345f42 + * common/miscellaneous.c (print_utf8_string): New. + + gpg: Make function mk_datestr public. + + commit 3ee314dde16d1d69ddf840cdb8b5aa186c592262 + * g10/keydb.h (MK_DATESTR_SIZE): New. + * g10/keyid.c (mk_datestr): Make public. Add arg bufsize and use + snprintf. Change arg atime to u32. + (datestr_from_pk): Simplify. + (datestr_from_sig): Ditto. + (expirestr_from_pk): Ditto. + (expirestr_from_sig): Ditto. + (revokestr_from_pk): Ditto. + +2017-07-20 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + g10: Return proper error when gpg-agent fails to start during probe. + + commit 9998b162b47931fb8a8ed961d53418d505358888 + * g10/getkey.c (lookup): Return immediately on any other error than + GPG_ERR_NO_SECKEY from agent_probe_any_secret_key. + +2017-07-20 NIIBE Yutaka <gniibe@fsij.org> + + scd: Support longer data length for special DOs for v3 card. + + commit 69614d55018ddb8678d8904a52e648931f480d72 + * scd/app-openpgp.c (data_objects): Special DOs like "Login Data", + "URL", "Private DO N" can be longer size >= 256. 
+ (struct app_local_s): Define bits for v3 card. + (get_cached_data): Use extcap.max_special_do for special DOs. + (app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits. + + common: logstream fix. + + commit 84146b3ec44943f06c66a603de19094b930ad446 + * common/logging.c (set_file_fd): Don't close es_stderr. + + dnsmngr: Fix use of CPP. + + commit cc12cf386b620e658fa93a0bd40477bc16d85d98 + * dirmngr/dns.c (HAVE_STATIC_ASSERT, HAVE___ATOMIC_FETCH_ADD) + (DNS_HAVE_SOCKADDR_UN, HAVE_SOCK_NONBLOCK): Don't use defined + to be expanded for expression evaluation. + +2017-07-19 Justus Winter <justus@g10code.com> + + dirmngr: Forbid redirects from .onion to clearnet URIs. + + commit e7fc6e3bf0eb6ffe53e1f099d28ce45cef4a8a87 + * dirmngr/ks-engine-hkp.c (send_request): Forbid redirects from .onion + to clearnet URIs. + * dirmngr/ks-engine-http.c (ks_http_fetch): Likewise. + +2017-07-19 Werner Koch <wk@gnupg.org> + + gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve. + + commit 2e5459457473eb4b3e7b2b14815cb94faa66e8bb + * g10/mainproc.c (check_sig_and_print): Track key server request via + fingerprint. + +2017-07-19 Justus Winter <justus@g10code.com> + + dirmngr: Implement TLS over http proxies. + + commit da91d2106a17c796ddb066a34db92d33b21c81f7 + * dirmngr/http.c (send_request): If a http proxy is to be used, and we + want to use TLS, try to use the CONNECT method to get a connection to + the target server. + + dirmngr: Log http response in debug mode. + + commit e7eabe66b6409c1f5225b751ea5c2d456a3856e6 + * dirmngr/http.c (parse_response): Log http response in debug mode. + + dirmngr: Amend TLS handling. + + commit 1ba220e68149fdb197accf4a15b0a11126c8b431 + * dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the + write cookie, not from the URI. + + dirmngr: Fix connecting to http proxies. 
+ + commit 46a4a0c0e77e19f9589088bb87357c33142c3f04 + * dirmngr/http.c (send_request): Do not use the 'srvtag' intended for + the target host to connect to the http proxy. + + dirmngr: Fix handling of proxy URIs. + + commit 73d4781e4595634548269bafe46aeb7674c5b219 + * dirmngr/http.c (send_request): We do not support socks4. + +2017-07-19 NIIBE Yutaka <gniibe@fsij.org> + + gpgconf: Make vars read-only explicitly. + + commit 99791184ac4c7486ccdefc150b9921cd923428b9 + * tools/gpgconf-comp.c (gc_backend, gc_arg_type, gc_level, gc_flag) + (gc_component): Add const qualifier. + + Fix usage of ARGPARSE_OPTS. + + commit fa63db89f9581186ed758c502d4e69914b774157 + * agent/gpg-agent.c, agent/preset-passphrase.c, + dirmngr/dirmngr-client.c, dirmngr/dirmngr_ldap.c, kbx/kbxutil.c, + tools/gpg-check-pattern.c, tools/gpgconf.c, tools/gpgsplit.c, + tools/symcryptrun.c: Use ARGPARSE_end. + +2017-07-18 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + common: Allow abbreviations of standard options. + + commit f17862d47d184d7f6ef883778cf63801365599a0 + * argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION, + ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New + macros. + (ARGPARSE_end): Add some placeholders for standard options. + * argparse.c (arg_parse): Fill in missing standard options so + default machinery works. Check for standard options in new way. + Do not write out standard options for --dump-options. + +2017-07-18 Justus Winter <justus@g10code.com> + + gpgscm,w32: Fix testing for absolute paths. + + commit 2e1342b78b020f5b28359b08a4f63cf11479602f + * tests/gpgscm/main.c (path_absolute_p): New function. + (load): Use new function. + + dirmngr: Honor http keyserver URLs. + + commit b231959728a0056094134e0fca8cc916c24ef37e + * dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI. + * dirmngr/http.h (struct parsed_uri_s): New field 'original'. + * dirmngr/ks-action.c (ks_action_get): Properly handle http and https + URLs. 
+ + dirmngr: Fix memory leak. + + commit ebb35ed7110d1a29061dfb4ccb9038645b20d7f4 + * dirmngr/http.c (parse_uri): Properly free partial results. + + dirmngr: Fix memory leak. + + commit 3d670fa973a03ea88b5f9459b3222a951136dd7a + * dirmngr/http.c (http_release_parsed_uri): Free 'params'. + +2017-07-17 Werner Koch <wk@gnupg.org> + + gpg,sm: Check compliance of the RNG. + + commit a149afe338d61d86985c533cde5e7dbcd31e8698 + * common/compliance.c (gnupg_rng_is_compliant): New. + * g10/call-agent.c (start_agent) [W32]: Check rng compliance. + * sm/call-agent.c (start_agent) [W32]: Ditto. + * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is + compliant. + * sm/encrypt.c (gpgsm_encrypt): Ditto. + * g10/sign.c (do_sign): Ditto. + * sm/sign.c (gpgsm_sign): Ditto. + + agent: New GETINFO sub-command jent_active. + + commit bbbd0db34b4e387f8dc089fb7d69fdcf2ed91a01 + * agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8. + + common: New function split_fields_colon. + + commit 849467870ee1c10e0a7b1e89cfc9e8214e4963fe + * common/stringhelp.c (split_fields_colon): New. + * common/t-stringhelp.c (test_split_fields_colon): New test. + (main): Call that test. + +2017-07-14 Justus Winter <justus@g10code.com> + + tests: Improve 'shell.scm' script. + + commit 58eafd11ed5501c0b72fcb553eb3e097ad29b3c6 + * tests/openpgp/defs.scm (create-file): Unlink file first. + * tests/openpgp/shell.scm: Ask whether to import legacy test keys or + not, and whether to drop 'batch' from the configuration. Add paths to + all the programs to 'PATH'. + + gpgscm: Library improvements. + + commit b4d25082fd4502ec01d511c22fecd60d513b81f4 + * tests/gpgscm/repl.scm (prompt-yes-no?): New function. + * tests/gpgscm/tests.scm (pathsep-split): Likewise. + (pathsep-join): Likewise. + (with-path): Use the new function. + + gpgscm: Fail early if the test setup fails. 
+ + commit 7a6e6ad2880bbff54a75ff608d0ec97d6c405733 + * tests/gpgscm/tests.scm (make-environment-cache): Check status code + of setup script. + + gpg: Fix importing keys. + + commit 956da89193370d5aa970cff5b77f605534481a02 + * g10/import.c (import_one): Fix error handling. + +2017-07-13 Werner Koch <wk@gnupg.org> + + gpg: Pass key origin values to import functions. + + commit 330212efb927c119bb5135856f8582c0e4e2e6b7 + * g10/import.c (import_keys_stream): Remove this unused function. + (import_keys_internal): Add arg origin. + (import_keys): Ditto. + (import_keys_es_stream): Ditto. + (import): Ditto. + (import_one): Ditto. + (apply_meta_data): New stub. + (import_secret_one): Pass 0 for ORIGIN. + * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN. + (keyserver_fetch): Add arg origin. + (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN. + (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN. + * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and + keyserver_fetch. + * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN. + + gpg: New option --key-origin. + + commit fa1155e89ebb4b16ee95549b8ab72672df3a0c54 + * g10/keydb.h (KEYORG_): Rename to KEYORG_. + * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust + users. + (PKT_public_key): Ditto. + (PKT_ring_trust): Ditto. + * g10/options.h (struct opt): Add field key_origin. + * g10/getkey.c (parse_key_origin): New. + * g10/gpg.c (oKeyOrigin): New. + (opts): Add "keys-origin". + (main): Set option. + +2017-07-13 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + doc: Document gnupg version requirement for gpg-preset-passphrase. + + commit 877a321d011deb3e8501aa9cc5e9f9cd0b19dddf + + +2017-07-13 Justus Winter <justus@g10code.com> + + gpgscm: Make loading of modules less verbose. + + commit f78fe1a4ec9d343199e1f424dd09e2937c913412 + * tests/gpgscm/main.c (load): Increase logging threshold. + + gpgscm: Make it impossible to catch '*interpreter-exit*'. 
+ + commit bce02a8b0f0e51775a4ee5536ccf35efc1f15ca6 + * tests/gpgscm/init.scm (throw'): Make it impossible to catch + '*interpreter-exit*'. This fixes 'exit' (and with it 'fail') inside + 'catch' statements. + +2017-07-10 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + tofu: Compare squares instead of square roots. + + commit d24594976686983c7186cbe4e78153888a13b6e4 + * g10/Makefile.am (tofu_source) [USE_TOFU]: Remove sqrtu32.h and + sqrtu32.c. + * g10/sqrtu32.h, g10/sqrtu32.c: Removed files. + * g10/tofu.c: Compare squares instead of square roots. + + speedo: Provide a vagrantfile to test speedo in an isolated VM. + + commit 1455b406e63dd262938e49da5f83c05c17c60a8d + * build-aux/Vagrantfile: New file. + +2017-07-06 Neal H. Walfield <neal@g10code.com> + + doc: Improve TOFU documentation. + + commit 243b2a570c30586e19b8c88e43b282d62d8eb77c + * doc/gpg.texi: Improve TOFU documentation. + +2017-07-05 Werner Koch <wk@gnupg.org> + + agent: Use MAX_PASSPHRASE_LEN (255) also for the loopback. + + commit 3681ee7dc1e9d8c94fdb046d7be0bbcfeba1cfe9 + * agent/call-pinentry.c (agent_get_passphrase): Reduce maximum + passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN. + * agent/genkey.c (agent_ask_new_passphrase): Extend the maximum + passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN. + + doc: Update yat2m to take care of SOURCE_DATE_EPOCH. + + commit 139de02b93773615bdd95e04a7f0c1ad73b4f6fb + * doc/yat2m.c (main): Set a default for OPT_DATE. + + doc: Prefer an installed version of yat2m. + + commit f6faa058749846de18cb34f1cc79867bb0029922 + * configure.ac (YAT2M): Check for tool. + * doc/Makefile.am (yat2m-stamp): Use installed tool if possible. + +2017-07-01 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + doc: Document obsolete option in gpgsm. Closes T2231. + + commit 7fb724c61655c6f75c61572d65a46e21ae112574 + * doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete. 
+ +2017-06-28 Werner Koch <wk@gnupg.org> + + agent: Fix option --debug-wait. + + commit ecd6c0160f49ae83001dfd150df6b1238fc479d5 + * agent/gpg-agent.c (opts): Typo fix. + +2017-06-26 Justus Winter <justus@g10code.com> + + agent: Support unprotected ssh keys. + + commit 273964798592cd479c111f47e8ce46d5b1999d6a + * agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty + passphrase is supplied, do not protect the key. + + tests: Improve test. + + commit b49b1a87ac2695e3892fb001878da59fbc92fa37 + * tests/openpgp/ssh-export.scm: Split output at any whitespace. + +2017-06-23 Werner Koch <wk@gnupg.org> + + agent: Shutdown on removal of the home directory. + + commit 1ead1ca818bddabc3bca22c195be667993eb3e2e + * common/sysutils.c (gnupg_inotify_watch_delete_self): New. + * agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to + sock_inotify_fd. + (handle_connections): Add home_inotify_fd to watch the home directory. + + build: Add missing LIBASSUAN_CFLAGS to dirmngr/. + + commit 815ecdf08a4285c75892cf9ab72feb13f3bcf590 + * dirmngr/Makefile.am (t_http_CFLAGS): Add LIBASSUAN_CFLAGS. + (t_ldap_parse_uri_CFLAGS): Ditto. + (t_dns_stuff_CFLAGS): Ditto. + + gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE. + + commit f31dc2540acf7cd7f09fd94658e815822222bfcb + * common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New. + * g10/encrypt.c (encrypt_crypt): Emit new status code. + * sm/encrypt.c (gpgsm_encrypt): Ditto. + +2017-06-21 Justus Winter <justus@g10code.com> + + gpg: Close cached keydb handle in gpgv. + + commit a68a98233ab83f0c7b90e6e588b882085fe59d91 + * g10/gpgv.c (main): Close cached handle. + + tests: Add test for gpgv. + + commit 62274d3c309d8948405c2f966bef507638b4d5c6 + * tests/openpgp/Makefile.am (XTESTS): Add the new test. + * tests/openpgp/gpgv.scm: New file. + * tests/openpgp/signed-messages.scm: Likewise. + * tests/openpgp/verify.scm: Move the signed messages to the new file + and load it. 
+ + gpg: Fix printing keyserver URLs and notation data. + + commit 890a3a70f2e1340d90c7f499358467979b182719 + * g10/keylist.c (show_keyserver_url): Print to 'fp', not to 'stdout'. + (show_notation): Likewise. + +2017-06-20 Justus Winter <justus@g10code.com> + + dirmngr: Properly handle SRV records. + + commit 48aae8167dcae80d43b08167a88d9eb170781a04 + * dirmngr/ks-engine-hkp.c (enum ks_protocol): New type. + (struct hostinfo_s): New flags indicating whether we already did a + A lookup, or a SRV lookup per protocol. Turn 'port' into an array. + (create_new_hostinfo): Initialize new fields. + (add_host): Update the port for the given protocol. + (map_host): Simplify hosttable lookup misses. Check the SRV records + for both protocols on demand, do the A lookup just once. Return the + correct port. + + dirmngr: Refactor variable-sized array code. + + commit fc4834d213af031b456c49c1ba5b5ef8873d1f18 + * dirmngr/ks-engine-hkp.c (struct hostinfo_s): Add explicit length and + size fields. + (MAX_POOL_SIZE): New macro. + (create_new_hostinfo): Initialize new fields. + (host_in_pool_p): Adapt. + (select_random_host): Likewise. + (add_host): Likewise. Move the resizing logic here. + (hostinfo_sort_pool): New function. + (map_host): Simplify. Move the resizing logic away from here. + (ks_hkp_mark_host): Adapt. + (ks_hkp_print_hosttable): Likewise. + + gpg: Fix error handling. + + commit badc1cdae52bd434e5fac2e4275575afeccc2837 + * g10/keygen.c (generate_subkeypair): Handle errors from pinentry. + +2017-06-19 Werner Koch <wk@gnupg.org> + + gpg,gpgsm: Fix compliance check for DSA and avoid an assert. + + commit 3621dbe52584bc8b417f61b5370ebaa5598db956 + * common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA + check. Explicitly check for allowed ECC algos. + (gnupg_pk_is_allowed): Swap P and Q for DSA check. + * g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace + assert by debug message. 
+ +2017-06-19 Justus Winter <justus@g10code.com> + + gpgscm: Limit the number of parallel jobs. + + commit 61ef43546ba9f0209692a1569d2f033436566a02 + * ffi.c (do_wait_processes): Suppress the timeout error. + * tests.scm (semaphore): New definition. + (test-pool): Only run a bounded number of tests in parallel. + (test::started?): New function. + (run-tests-parallel): Do not report results, do not start the tests. + (run-tests-sequential): Adapt. + (run-tests): Parse the number of parallel jobs. + + gpgscm: Improve option parsing. + + commit e555e7ed7de20fbbb1e3b005c32e292f29cc4a58 + * tests/gpgscm/tests.scm (flag): Accept arguments of the form + '--foo=bar'. + + gpgscm: Improve error handling of foreign functions. + + commit 6639aedaee051e8104d7f63b9a5812abf79440ed + * tests/gpgscm/ffi.scm (ffi-fail): Do not needlessly join the error + message. + + gpgscm: Improve error reporting. + + commit 4c8be58fd46bb16332e84ab8ce978087dc5c68a3 + * tests/gpgscm/init.scm (throw'): Guard against 'args' being atomic. + * tests/gpgscm/scheme.c (Eval_Cycle): Remove any superfluous colons in + error messages. + + tests: Run the OpenPGP tests using the new extended key format. + + commit b766d3d1034e6068a91755ada68f7f7dbe2943b6 + * tests/openpgp/all-tests.scm: Generalize a bit, and also add a + variant that uses the new extended key format. + * tests/openpgp/defs.scm (create-gpghome): Conditionally enable the + new extended key format. + +2017-06-19 Werner Koch <wk@gnupg.org> + + Change license of some files to LGPLv2.1. + + commit 3419a339d9c4e800bf30e9021e05982d8c1021c1 + * COPYING.LIB: Rename to COPYING.LGPL3. + * COPYING.LGPL21: New. + * COPYING.GPL2: New. + * Makefile.am: Distribute them. + * AUTHORS: Update license pointers. Add BSI as copyright holder. + * common/compliance.c, common/compliance.h: Add BSI copyright notice. + Break overlong lines. + * dirmngr/loadswdb.c: Add BSI copyright notices. + * dirmngr/server.c: Ditto. 
+ * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI + copyright notice. + * tools/call-dirmngr.h: Ditto. + * tools/gpg-wks-client.c: Ditto. + * tools/gpg-wks-server.c: Ditto. + * tools/gpg-wks.h: Ditto. + * tools/mime-maker.c: Ditto. + * tools/mime-maker.h: Ditto. + * tools/mime-parser.c: Ditto. + * tools/mime-parser.h: Ditto. + * tools/send-mail.c: Ditto. + * tools/send-mail.h: Ditto. + * tools/wks-receive.c: Ditto. + * tools/wks-util.c: Ditto. + * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1. + +2017-06-19 Justus Winter <justus@g10code.com> + + gpg: Disable compliance module for other GnuPG components. + + commit 6e23416fe61d4130918f2d1bf6e1f98d102c4610 + * common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return + false if the module is not initialized. + (gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is + not initialized. + (gnupg_status_compliance_flag): Do not assert that the module is + initialized. + (gnupg_parse_compliance_option): Likewise. + (gnupg_compliance_option_string): Likewise. + +2017-06-14 Justus Winter <justus@g10code.com> + + gpg: Check and fix keys on import. + + commit 9b12b45aa5e67d4d422bf75a3879df1d52dbe67f + * doc/gpg.texi: Document the new import option. + * g10/gpg.c (main): Make the new option default to yes. + * g10/import.c (parse_import_options): Parse the new option. + (import_one): Act on the new option. + * g10/options.h (IMPORT_REPAIR_KEYS): New macro. + + gpg: Refactor key checking and fixing. + + commit 404fa8211b6188a0abe83ef43a4b44d528c0b035 + * g10/Makefile.am (gpg_sources): Add new files. + * g10/gpgcompose.c (keyedit_print_one_sig): New stub. + * g10/keyedit.c (sig_comparison): Move to new module. + (check_all_keysigs): Likewise. + (fix_keyblock): Adapt callsite. + (keyedit_menu): Likewise. + * g10/key-check.c: New file. + * g10/key-check.h: Likewise. + +2017-06-13 Justus Winter <justus@g10code.com> + + gpg: Refactor keyedit module. 
+ + commit 8095d16b3ef6b5f01ec351824855708149f1c1c3 + * g10/Makefile.am (gpg_SOURCES): Add new file. + * g10/keyedit.c (NODFLG_*): Move flags to the new header file. + (print_one_sig): Export symbol and rename accordingly. + (print_and_check_one_sig): Adapt accordingly. + (check_all_keysigs): Likewise. + * g10/keyedit.h: New file. + * g10/main.h: Drop declarations, include new header. + + dirmngr: Implement querying nameservers over IPv6. + + commit 15d2a009931f44a60b9df6325f837add208459d6 + * dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family + mismatch. + (enum dns_res_state): New states for querying over IPv6. + (dns_res_exec): Implement the new states by copying and modifying the + IPv4 variants. Branch to their respective counterparts if the current + list of resolvers using the current address family is exhausted. + +2017-06-13 Werner Koch <wk@gnupg.org> + + gpg: Disable keydb handle caching only for W32. + + commit e80925171ddb20c7e76c1db88c15ce2d9b09db86 + * g10/getkey.c (getkey_end) [!W32]: Re-enable caching. + + common: Fix -Wswitch warning. + + commit 7c91b48f0e80266cf7491c2bb7d8aabc12362643 + * common/compliance.c (gnupg_digest_is_allowed): Don't include + GCRY_MD_WHIRLPOOL because it is not a digest_algo_t. + +2017-06-11 Neal H. Walfield <neal@g10code.com> + + gpg: Send gpgcompose --help output to stdout, not stderr. + + commit 7aeac20f12ed257d3d159b304afeeac7f406c9d2 + * g10/gpgcompose.c (show_help): Send gpgcompose --help output to + stdout, not stderr. + + gpg: Improve some output of gpgcompose. + + commit cb0484e0762a1ce05d00d949f4b70162e2f7b82c + + + gpg: Support 'gpgcompose --encrypted-pop --help' + + commit 4ddf4e114c8df06d89144e857b7601de0b7e5a7c + * g10/gpgcompose.c (encrypted_pop_options): New variable. + (encrypted_pop): Support the --help option. + + gpg: Remove dead code. + + commit 8a9066865688cf17594b2bdde4b260b0ef36d68e + * g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be + PKT_ENCRYPTED_MDC. 
+ (encrypted_pop): Likewise and there is no option --encrypted-mdc-pop. + +2017-06-08 Marcus Brinkmann <mb@g10code.com> + + artwork: Add new banner. + + commit bc5503b2bf273b51d5dc59617e596f1cfb742fbc + * artwork/banner/banner-full.png: New file. + * artwork/banner/banner-rectangle.png: New file. + * artwork/banner/banner.svg: New file. + * artwork/banner/Bungee-Regular.ttf: New file. + * artwork/banner/Raleway-license.txt: New file. + * artwork/banner/banner-half.png: New file. + * artwork/banner/banner-skyscraper.png: New file. + * artwork/banner/Bungee-license.txt: New file. + * artwork/banner/Raleway-ExtraBold.ttf: New file. + * artwork/banner/Raleway-SemiBold.ttf: New file. + +2017-06-08 Justus Winter <justus@g10code.com> + + common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. + + commit a64a55e10420cf11e00062b590dffe5d0c3e8192 + * common/compliance.c (gnupg_pk_is_allowed): New function. + (gnupg_cipher_is_allowed): Likewise. + (gnupg_digest_is_allowed): Likewise. + * common/compliance.h (enum pk_use_case): New definition. + (gnupg_pk_is_allowed): New prototype. + (gnupg_cipher_is_allowed): Likewise. + (gnupg_digest_is_allowed): Likewise. + * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using + the new predicates. + * g10/encrypt.c (encrypt_crypt): Likewise. + * g10/gpg.c (main): Likewise. + * g10/pubkey-enc.c (get_session_key): Likewise. + * g10/sig-check.c (check_signature2): Likewise. + * g10/sign.c (do_sign): Likewise. + * sm/decrypt.c (gpgsm_decrypt): Likewise. + * sm/encrypt.c (gpgsm_encrypt): Likewise. + * sm/gpgsm.c (main): Likewise. + * sm/sign.c (gpgsm_sign): Likewise. + * sm/verify.c (gpgsm_verify): Likewise. + + gpg: Fix computation of compliance with CO_DE_VS. + + commit b03fab09e188f7bb10237d4f20455e4026737e4e + * g10/mainproc.c (proc_encrypted): Symmetric encryption is also in + compliance with CO_DE_VS. + +2017-06-08 Werner Koch <wk@gnupg.org> + + dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds. 
+ + commit 9b43220b8ad1a5c1cd51de3bbfff7ccbcc3fa877 + * dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New + enums. + (opts): New options --connect-timeout and --connect-quick-timeout. + (DEFAULT_CONNECT_TIMEOUT): New. + (DEFAULT_CONNECT_QUICK_TIMEOUT): New. + (parse_rereadable_options): Handle new options. + (post_option_parsing): New. Use instead of direct calls to + set_debug() and set_tor_mode (). + (main): Setup default timeouts. + (dirmngr_init_default_ctrl): Set standard connect timeout. + * dirmngr/dirmngr.h (opt): New fields connect_timeout and + connect_quick_timeout. + (server_control_s): New field timeout. + * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to + http_raw_connect. + * dirmngr/ks-engine-hkp.c (send_request): Call + http_session_set_timeout. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + * dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get) + (cmd_ks_fetch): Implement --quick option. + + dirmngr: Allow a timeout for HTTP and other TCP connects. + + commit 5b9025cfa1f9b1c67ddf2f6bf87d863e780cf157 + * dirmngr/http.c: Include fcntl.h. + (http_session_s): Add field 'connect_timeout'. + (http_session_new): Clear that. + (http_session_set_timeout): New function. + (my_wsagetlasterror) [W32]: New. + (connect_with_timeout): New function. + (connect_server): Add arg 'timeout' and call connect_with_timeout. + (send_request): Add arg 'timeout' and pass it to connect_server. + (http_raw_connect): Add arg 'timeout'. + (http_open): Pass TIMEOUT from the session to connect_server. + + gpg: Avoid failure exit when scdaemon is disabled but not needed. + + commit 17e5afd80f247c356f03c71e8b61da424ffedabb + * g10/call-agent.c (warn_version_mismatch): Use log_info if error is + "not supported". + +2017-06-07 Justus Winter <justus@g10code.com> + + common: Add cipher mode to compliance predicate. + + commit e051e396156211449568afa0ca7505dc13eaa3b4 + * common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter. 
+ * common/compliance.h (gnupg_cipher_is_compliant): Likewise. + * g10/mainproc.c (proc_encrypted): Adapt callsite. + * sm/decrypt.c (gpgsm_decrypt): Likewise. + + common,gpg,sm: Initialize compliance module. + + commit 21fc2508c979a8202dd8ca7fa7b801e0d62a5ceb + * common/compliance.c (gnupg_initialize_compliance): New function. + * common/compliance.h (gnupg_initialize_compliance): New prototype. + * g10/gpg.c (main): Use the new function. + * sm/gpgsm.c (main): Likewise. + + common,gpg: Move the compliance option printer. + + commit f440cf73eab0b0e75e3cb2e8c9e70a77f20ef1dc + * common/compliance.c (gnupg_compliance_option_string): New function. + * common/compliance.h (gnupg_compliance_option_string): New prototype. + * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite. + * g10/gpg.c (main): Likewise. + * g10/keyedit.c (keyedit_menu): Likewise. + * g10/pkclist.c (build_pk_list): Likewise. + * g10/main.h (compliance_option_string): Remove prototype. + * g10/misc.c (compliance_option_string): Remove function. + + common,gpg,sm: Move the compliance option parser. + + commit 842d233d408457cfa9a8473a6748472956f44e84 + * common/compliance.c (gnupg_parse_compliance_option): New function. + * common/compliance.h (struct gnupg_compliance_option): New type. + (gnupg_parse_compliance_option): New prototype. + * g10/gpg.c (parse_compliance_option): Remove function. + (compliance_options): New variable. + (main): Adapt callsite. + * sm/gpgsm.c (main): Use the new common function. + * sm/gpgsm.h (opt): New field 'compliance'. + + gpg: Improve compliance with CO_DE_VS. + + commit 027ce4ba37be1d052bca2f6109fe810ef57f4038 + * g10/gpg.c (set_compliance_option): The specification, section 4.1.1, + forbids the use of encryption without integrity protection. + +2017-06-07 Andre Heinecke <aheinecke@intevation.de> + + speedo: Fix a minor memleak in the installer. 
+ + commit 13dc75a4e7cc2959003c08940fc53c6ece7b77e4 + * build-aux/speedo/w32/g4wihelp.c (path_remove): Free path_new on + early return. + +2017-06-06 Andre Heinecke <aheinecke@intevation.de> + + speedo: Fix source tar call ambiguity. + + commit 96acbdd7265f504d06783adfd6322a6675c41c0a + * build-aux/speedo.mk (dist-source): Expand exclude-vc to + exclude-vcs. + +2017-06-01 Justus Winter <justus@g10code.com> + + gpg: Report compliance with CO_DE_VS. + + commit be8ca8852629786266db4d3d69b2c2fb03bd6365 + * common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain + parameters. + (gnupg_cipher_is_compliant): New function. + (gnupg_digest_is_compliant): Likewise. + * common/compliance.h (gnupg_cipher_is_compliant): New prototype. + (gnupg_digest_is_compliant): Likewise. + * common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status. + (STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise. + * doc/DETAILS: Document the new status lines. + * g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS + and report that using the new status line. + (check_sig_and_print): Likewise. + * sm/decrypt.c (gpgsm_decrypt): Likewise. + * sm/verify.c (gpgsm_verify): Likewise. + + common: Improve checking for compliance with CO_DE_VS. + + commit 3b70f62423041e614332b90d782576ee6868a030 + * common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key + sizes are compliant. + + gpg,common: Move the compliance framework. + + commit 8a012280e0f0a462c094d106355aa436fceb1b76 + * common/Makefile.am (common_sources): Add new files. + * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here, + and tweak it to not rely on types private to gpg. + * common/compliance.h: New file. Move the compliance enum here. + * g10/keylist.c (print_compliance_flags): Adapt callsite. + * g10/main.h (gnupg_pk_is_compliant): Remove prototype. + * g10/misc.c (gnupg_pk_is_compliant): Remove function. + * g10/options.h (opt): Use the new compliance enum. 
+ * sm/keylist.c (print_compliance_flags): Use the common functions. + +2017-05-31 Justus Winter <justus@g10code.com> + + gpg: Fix compliance computation. + + commit 02af509dfc2b893720aa0c7b380fd7736b2bafd0 + * g10/misc.c (gnupg_pk_is_compliant): Compare against CO_RFC2440, not + RFC2440 which is actually a predicate. + + sm: Simplify code. + + commit f9cb15b385f64f7c9403670f03632f81a874f213 + * sm/verify.c (gpgsm_verify): Simplify by using a newer gcrypt + interface. + + doc: Improve documentation. + + commit 485b5a6e6dfe7aa545afa926e060d516ae911e42 + * doc/gpgsm.texi: Mention that '--with-key-data' implies + '--with-colons'. + +2017-05-31 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix error from do_encryption. + + commit c03e0eb01dc4632432d0472a6f8051142082bea4 + * agent/protect.c (do_encryption): Don't mask failure of OUTBUF + allocation. + + scd: Fix error code on failure at usb_init. + + commit 8defb21d34410d000c8b776e0e3a1edd04762638 + * scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV. + + scd: Handle a failure of libusb_init. + + commit 5c33649782bf255af5a55f16eac5e85f059b00bf + * scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle + failure. + +2017-05-30 Andre Heinecke <aheinecke@intevation.de> + + gpg: Disable keydb handle caching. + + commit d3d640b9cc98dd0d06b49a2e4d46eb67af96fe29 + * g10/getkey.c (getkey_end): Disable caching of the open keydb + handle. + +2017-05-30 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix memory leaks. + + commit 996544626ea416c173a940db47f47f9e5cbd844c + * agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP. + * agent/gpg-agent.c (create_server_socket): Free UNADDR. + +2017-05-25 Werner Koch <wk@gnupg.org> + + dirmngr: This towel should better detect a changed resolv.conf. + + commit de3a0988ef9addccd6b5c7950fb8797afbc3978d + * dirmngr/dns-stuff.c (resolv_conf_changed_p): Fix initialization time + issue. + + dirmngr: Re-init libdns resolver on towel change of resolv.conf. 
+ + commit b5f356e9fba2d99909f8f54d7b7e6836bed87b68 + * dirmngr/dns-stuff.c: Include sys/stat.h. + (RESOLV_CONF_NAME): New macro to replace a string. + (resolv_conf_changed_p): New. + (libdns_init): Call new function + (libdns_res_open): Ditto. + +2017-05-24 Justus Winter <justus@g10code.com> + + agent: Make digest algorithms for ssh fingerprints configurable. + + commit 525f2c482abb6bc2002eb878b03558fb43e6b004 + * agent/agent.h (opt): New field 'ssh_fingerprint_digest'. + * agent/command-ssh.c (data_sign, ssh_identity_register): Honor the + option for strings used to communicate with the user. + * agent/findkey.c (agent_modify_description): Likewise. + * agent/gpg-agent.c (cmd_and_opt_values): New value. + (opts): New option '--ssh-fingerprint-digest'. + (parse_rereadable_options): Set the default to MD5 for now. + (main): Handle the new option. + * doc/gpg-agent.texi: Document the new option. + + agent: Write both ssh fingerprints to 'sshcontrol' file. + + commit a5f046d99a084b6a95268f03c1b588e8b78083cb + * agent/command-ssh.c (add_control_entry): Hand in the key, write both + the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file + when adding ssh keys. + (ssh_identity_register): Adapt callsite. + + common: Correctly render SHA256-based ssh fingerprints. + + commit 3a07a69dfc87b4fff610740d3dde8e23f0d2f8bc + * common/ssh-utils.c (dummy_realloc): New function. + (dummy_free): Likewise. + (get_fingerprint): Prepend the fingerprint with the name of the digest + algorithm. Correctly render SHA256-based ssh fingerprints. + * common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys. + (main): Add an option to dump the keys to gather fingerprints, also + print the SHA256 fingerprint for keys given as arguments, and check + the SHA256 fingerprints of the test keys. + + common: Support different digest algorithms for ssh fingerprints. 
+ + commit 3ac1a9d3a018816233a855faff059b4e0657a0f1 + * common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter. + (ssh_get_fingerprint{,_string}): Likewise. + * common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes. + * common/t-ssh-utils.c (main): Adapt accordingly. + * agent/command-ssh.c (agent_raw_key_from_file): Likewise. + (ssh_identity_register): Likewise. + * agent/command.c (do_one_keyinfo): Likewise. + * agent/findkey.c (modify_description): Likewise. + +2017-05-22 NIIBE Yutaka <gniibe@fsij.org> + + agent: Add const qualifier for read-only table. + + commit 509e4a4d7491daf496b21e5892f4f63ab90e8e21 + * agent/call-pinentry.c (start_pinentry): Add const to tbl. + * agent/command-ssh.c (request_specs): Add const. + (ssh_key_types): Likewise. + (request_spec_lookup): Add const to the return value and SPEC. + (ssh_request_process): Likewise. + * agent/protect.c (protect_info): Add const. + (agent_unprotect): Add const to algotable. + + g10: Fix default-key selection for signing, possibly by card. + + commit fbb2259d22e6c6eadc2af722bdc52922da348677 + * g10/call-agent.c (warn_version_mismatch): Revert. + (start_agent): Suppress version mismatch if relevant. + * g10/getkey.c (get_seckey_default_or_card): New. + * g10/skclist.c (build_sk_list): Use get_seckey_default_or_card. + +2017-05-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + doc: Fix spellings. + + commit 3713f67026467f63f80649c92ac4cc7973589855 + + + docs: Point to https://dev.gnupg.org/ . + + commit 705da1eb23aef92c42d6d657b20a0984b104f72f + Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/. Since + the project has transitioned to a better workflow for supporting + contributions, we should ensure that our documentation points to the + right place. + +2017-05-17 Justus Winter <justus@g10code.com> + + gpgscm: Fix checking for opcode arguments. 
+ + commit aae50e0b6a61549e226e0c7785260ad517f0ffff + * tests/gpgscm/scheme.c (Eval_Cycle): Update 'pcd' after dispatching + an instruction. + + tests: Fix agent teardown in release builds. + + commit 0e1729bb993648deca84a2664ae78edc848d7003 + * tests/openpgp/defs.scm (start-agent,stop-agent): Use gpg-conf which + will properly use the '--build-prefix' argument to make gpgconf use + tools from the build directory. + +2017-05-17 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix gpgcompose.c. + + commit ae95a7f5335e605fcd71fbe4a18ed384c88d590a + * g10/gpgcompose.c (show_help): Check return value. + + g10: Suppress error for card availability check. + + commit a8dd96826f8484c0ae93c954035b95c2a75c80f2 + * g10/call-agent.c (start_agent): Add semantics for card; Suppress + error for card check. + (warn_version_mismatch): Ignore an error for scdaemon. + (agent_scd_serialno): Call start_agent with + FLAG_FOR_CARD_SUPPRESS_ERRORS. + +2017-05-16 Justus Winter <justus@g10code.com> + + tests: Configure the environments to use scdaemon from build tree. + + commit 386a7bbb245dd3ab7c4156a554adbe75d82bdf49 + * tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree + when writing a 'gpg-agent.conf'. + * tests/gpgsm/gpgsm-defs.scm: Likewise. + * tests/openpgp/defs.scm: Likewise. + +2017-05-15 Werner Koch <wk@gnupg.org> + + Release 2.1.21. + + commit 9574820329128f0ea8a98f9bfc0e77c73c3e0ec0 + + + po: Update German translation. + + commit 4bd079dbdb44067688377156413dd32a82a89d22 + + + gpg: Do not mark ", " translatable. + + commit 2d381b0f0ba97657e9fb2971eca6648bb77dd2cc + * g10/tofu.c (ask_about_binding): Remove useless translation markers. + +2017-05-15 Andre Heinecke <aheinecke@intevation.de> + + dirmngr,w32: Fix ldap crl read on windows. + + commit abe3a9043f86b48b92ddcec47197e032e35a6f4f + Summary: + * dirmngr/ldap-wrapper-ce.c (outstream_cookie_s): Add buffer_read_pos. + (buffer_get_data): Use seperate read pos. 
+ +2017-05-15 Werner Koch <wk@gnupg.org> + + common: Let format_text return an error. + + commit 00b7767bc6fe309aa20375c859ebf708cfc7b9ea + * common/stringhelp.c (format_text): Return NULL on error. + * common/t-stringhelp.c (test_format_text): Adjust for change. + * g10/gpgcompose.c (show_help): Abort on out of core. + * g10/tofu.c (ask_about_binding): Abort on format_text error. + (show_statistics): Ditto. + (show_warning): Ditto. + +2017-05-11 Justus Winter <justus@g10code.com> + + tests: Also run all OpenPGP tests using keyrings. + + commit bc01d62dc5d520e138499df5d80fb50f9e87e3e8 + * tests/openpgp/all-tests.scm: Run each test twice, once with public + keys stored in a keybox, once with a keyring. + * tests/openpgp/defs.scm (create-gpghome): Create a public keyring to + make GnuPG use that instead of creating a keybox if '--use-keyring' is + given. + * tests/openpgp/setup.scm: Fix flag handling and usage. + + tests: Make it possible to run all tests using our infrastructure. + + commit f4365790daa1d1400c7f0fe73ac9a6d25f0c6d0a + * Makefile.am (TESTS_ENVIRONMENT): New variable. + (check-all): New phony target to run all tests. + * tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests + whether the GPGME test suite is available instead of exiting the + process. + * tests/gpgscm/init.scm (export): New macro. + * tests/gpgscm/tests.scm (run-tests): New function. + (load-tests): Likewise. + * tests/gpgme/run-tests.scm: Simplify and move the parsing of the list + of tests to 'all-tests.scm'. + * tests/gpgsm/run-tests.scm: Likewise. + * tests/migrations/run-tests.scm: Likewise. + * tests/openpgp/run-tests.scm: Likewise. + * tests/gpgme/Makefile.am: To select the tests to run, use the + variable 'TESTS'. This harmonizes the interface with the automake + test suite. + * tests/gpgsm/Makefile.am: Likewise. + * tests/migrations/Makefile.am: Likewise. + * tests/openpgp/Makefile.am: Likewise. + * tests/openpgp/README: Likewise. + * agent/all-tests.scm: New file. 
+ * common/all-tests.scm: Likewise. + * g10/all-tests.scm: Likewise. + * g13/all-tests.scm: Likewise. + * tests/gpgme/all-tests.scm: Likewise. + * tests/gpgsm/all-tests.scm: Likewise. + * tests/migrations/all-tests.scm: Likewise. + * tests/openpgp/all-tests.scm: Likewise. + * tests/run-tests.scm: Likewise. + + tests: Move the makefile parser. + + commit 78d6a25a2db22ad2ae30d57ca980c0400cfef726 + * tests/gpgme/gpgme-defs.scm (parse-makefile, parse-makefile-expand): + Move... + * tests/gpgscm/makefile.scm: ... here. + * tests/gpgscm/Makefile.am (EXTRA_DIST): Add new file. + + gpgscm: Make it possible to set the logfile name. + + commit 29ef34cc4cb23e7b743dbf4cc8e5761f06076b9a + * tests/gpgscm/tests.scm (test): Only set the default log filename + when it has not been set before. + +2017-05-10 NIIBE Yutaka <gniibe@fsij.org> + + g10, sm, dirmngr, common: Add comment for fall through. + + commit 0ce94a9698104d9bfc73d5a37478189564c96eb4 + * common/b64dec.c (b64dec_proc): Comment to clarify. + * dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify. + * dirmngr/dirmngr-client.c (read_pem_certificate): Likewise. + * dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise. + * g10/armor.c (unarmor_pump): Likewise. + * g10/gpg.c (main): Likewise. + * g10/import.c (read_block): Likewise. + * g10/keygen.c (make_backsig): Likewise. + * g10/pkclist.c (check_signatures_trust): Likewise. + * sm/gpgsm.c (main): Likewise. + + g10: Stop compiler warning for t-stutter. + + commit 98b759119c81c5b39f34f8a9a7b6a57e91ad6470 + * g10/t-stutter.c (do_test): Refer current_test_group_failed. + +2017-05-08 Justus Winter <justus@g10code.com> + + gpg: Properly account for ring trust packets. + + commit 22739433e98be80e46fe7d01d52a9627c1aebaae + * g10/keyring.c (keyring_get_keyblock): Use the parser's packet count + instead of counting ourself. + * g10/packet.h (struct parse_packet_ctx_s): New field + 'n_parsed_packets'. + (init_parse_packet): Initialize new field. 
+ * g10/parse-packet.c (parse): Count packets. + +2017-05-04 Justus Winter <justus@g10code.com> + + tests: Support tests that are expected to fail. + + commit d6b46462f8c5c705ffb7cf8af03465a926aa11d3 + * tests/gpgscm/tests.scm (test-pool): Rework reporting. Filter using + the computed test status instead of the return value. Also print the + new categories 'failed expectedly' and 'passed unexpectedly'. + (test): If a test ends with a bang (!), it is expected to fail. Adapt + status, status-string, and xml accordingly. + + tests: Add function to dump packets. + + commit eab0138e3179f247180a639a91570e5ee2c6ad0e + * tests/openpgp/defs.scm (gpg-dump-packets): New function. + +2017-05-03 Andre Heinecke <aheinecke@intevation.de> + + speedo,w32: Fix silent user mode installation. + + commit d378cc34a8d3d5053cf0c5ac7aa731c1bcefee22 + * build-aux/speedo/w32/inst.nsi (AddToPath): Move account + check here. + (PrintNonAdminWarning): Remove is_user_install variable. + +2017-05-03 Justus Winter <justus@g10code.com> + + gpgscm: Create and re-use frame objects. + + commit 8a168a6d4052ec31fed77c79bb96ffdd32bf9646 + * tests/gpgscm/scheme-private.h (struct scheme): New field + 'frame_freelist'. + * tests/gpgscm/scheme.c (enum scheme_types): New type 'T_FRAME'. + (type_to_string): Handle new type. + (settype): New macro. + (gc_disable): Make sure there is at least one frame in the free list. + (mark): Handle frame objects. + (finalize_cell): Likewise. + (dump_stack_initialize): Initialize free list. + (dump_stack_free): Simplify. + (frame_length): New variable. + (dump_stack_make_frame): New function. + (frame_slots): Likewise. + (frame_payload): New macro. + (dump_stack_allocate_frame): New function. + (dump_stack_deallocate_frame): Likewise. + (dump_stack_preallocate_frame): Likewise. + (_s_return): Unpack frame object and deallocate it. + (s_save): Wrap state in an frame object. + (dump_stack_mark): Mark the free list. + + gpgscm: Merge opexe_0. 
+ + commit 9c6407d17e0cb9f4a370b1b83e7816577ec7d29d + * tests/gpgscm/scheme-private.h (struct scheme): Remove field 'op'. + * tests/gpgscm/scheme.c (opexe_0): Inline into 'Eval_Cycle'. + (_Error_1): Return the opcode to evaluate next. + (Error_1): Do not return, but set the opcode and goto dispatch. + (Error_0): Likewise. + (s_goto): Likewise. + (s_return): Likewise. + (s_return_enable_gc): Likewise. + (s_thread_to): Remove superfluous cast. + (_s_return): Return the opcode to evaluate next. + (scheme_init_custom_alloc): Adapt to removal of field 'op'. + +2017-05-03 Andre Heinecke <aheinecke@intevation.de> + + speedo,w32: Allow installation as normal user. + + commit cacfd4bce94704b531f68ee76fb40789e44fde67 + * build-aux/speedo/w32/g4wihelp.c (ENV_HK_USER, ENV_REG_USER): + New defines. + (path_add): Handle is_user_install variable. Don't abort + if Path reg key does not exist. Fix crash if Path reg key + does not contain a semicolon. + (path_remove): Handle is_user_install variable. Fix crash + if Path reg key does not exist. + * build-aux/speedo/w32/inst.nsi: Remove obsolete HAVE_STARTMENU + this was double guarded with WITH_GUI. Add Multiuser plugin and + defines for this. Use SHCTX instead of HKLM / HKCU. + (PrintNonAdminWarning): Only Warn and don't abort. + +2017-05-02 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + g10: Remove skeleton options files. + + commit 201f86803017c1db373023f7b506d4a0dc644bbc + * build-aux/speed/w32/inst.nsi: stop installing skeleton files. + * doc/gpg.texi: stop documenting skeleton files. + * g10/Makefile.am: stop installing skeleton files. + * g10/openfile.c (copy_options_file): Remove. + (try_make_homedir): do not call copy_options_file. + +2017-04-27 NIIBE Yutaka <gniibe@fsij.org> + + g10: For signing, prefer available card key when no -u option. + + commit 97a2394ecafaa6f58e4a1f70ecfd04408dc15606 + * g10/skclist.c (build_sk_list): Ask gpg-agent if card is available. + Then, use the card key if any. 
+ +2017-04-26 NIIBE Yutaka <gniibe@fsij.org> + + g10: Minor clean up. + + commit 2262a80c5f44433a08bc0e21b77d9efe51596f21 + * g10/main.h (complete_sig): Remove declaration. + * g10/sign.c (complete_sig): Make it static. + +2017-04-25 NIIBE Yutaka <gniibe@fsij.org> + Tomas Mraz + + dirmngr: Fix aliasing problem in dns.c. + + commit 247932f367f856e7ce91528e14f0aaf838150857 + * dirmngr/dns.c (dns_ai_setent): Care about aliasing. + +2017-04-25 NIIBE Yutaka <gniibe@fsij.org> + + tests: Remove *.conf.tmpl from Makefile. + + commit 7851d73fd7f424f9a649690e1cb3055feb792c51 + * tests/openpgp/Makefile.am (TEST_FILES): Remove gpg.conf.tmpl + and gpg-agent.conf.tmpl. + + g10: invalidate the fd cache for keyring. + + commit 116cfd60779fbb3540da629db54dc2e148f4a3a2 + * g10/keyring.c (keyring_search_reset): Don't keep the FD cache. + +2017-04-24 Andre Heinecke <aheinecke@intevation.de> + + w32: Enable wildcard expansion with mingw-w64. + + commit 2e71bf30f038ca0e142acbb6f650ce029105f8a2 + * g10/gpg.c: Define _dowildcard = -1; + +2017-04-24 Justus Winter <justus@g10code.com> + + tests: Fix Python detection. + + commit ef1922b3b19df0aa7f8c15d503c603f76fc13f82 + * tests/gpgme/gpgme-defs.scm (python): Fix Python detection. + + gpgscm: Refactor cell finalization. + + commit d2f6798621d751cd6ae6f091c4a2af4569c5b8aa + * tests/gpgscm/scheme.c (finalize_cell): Use switch, return whether + the cell may be freed. + (gc): Update callsite. + + gpgscm: Tweak error message display. + + commit 78547bfe8a885579438a17abadca02b62cce2844 + * tests/gpgscm/init.scm (throw'): If the first argument to the error + is a string, display it as such. + + tests: Deduplicate and simplify code. + + commit 06a177ceea529269a7404740c60416bd6a4567b1 + * tests/gpgme/gpgme-defs.scm (create-file): Move... + * tests/gpgsm/gpgsm-defs.scm (create-file): ... likewise... + * tests/openpgp/defs.scm (create-file): Here. + (create-gpghome): Use 'create-file'. + * tests/openpgp/gpg-agent.conf.tmpl: Delete file. 
+ * tests/openpgp/gpg.conf.tmpl: Likewise. + + gpgscm: Fix test. + + commit 9ae63b9caefdf3e925c5928667fcd9227132d27f + * tests/gpgscm/t-child.scm: Use 'string-length' on the string. + + gpgscm: Improve syntax checking. + + commit 4aab0e6ac7f2887a6f38f0cb95365dd7c30b4b18 + * tests/gpgscm/scheme.c (opexe_0): Make sure closure arguments are + symbols. + + gpgscm: Emit JUnit-style XML reports. + + commit ee715201ae784e840b6136393289e6dbd6f4c540 + * tests/gpgscm/Makefile.am (EXTRA_DIST): Add new file. + * tests/gpgscm/lib.scm (string-translate): New function. + * tests/gpgscm/main.c (main): Load new file. + * tests/gpgscm/tests.scm (dirname): New function. + (test-pool): Record execution times, emit XML report. + (test): Record execution times, record log file name, emit XML report. + (run-tests-parallel): Write XML report. + (run-tests-sequential): Likewise. + * tests/gpgscm/xml.scm: New file. + * tests/gpgme/Makefile.am (CLEANFILES): Add 'report.xml'. + * tests/gpgsm/Makefile.am: Likewise. + * tests/migrations/Makefile.am: Likewise. + * tests/openpgp/Makefile.am: Likewise. + + gpgscm: Make logging less verbose and more useful. + + commit 679920781a25ae5c0e49d4bd78e6926fd661778f + * tests/gpgscm/tests.scm (call-with-io): When being verbose, include + the pid in the output, and avoid duplicating the command arguments. + + gpgscm: Make test framework less functional. + + commit a71f4142e13e2cc26ef0cd62f56a1ccb7ce678ee + * tests/gpgscm/tests.scm (test-pool, tests): Previously, these methods + updated objects by creating new updated copies of the object being + manipulated. This made the code awkward without any benefit, + therefore I change it to just update the object. + + gpgscm: Move 'trace' and 'stringify'. + + commit f03d6897be904da58cad76b4bd07729922b47616 + * tests/gpgscm/tests.scm (trace, stringify): Move... + * tests/gpgscm/lib.scm: ... here. + + gpgscm: Avoid fruitless garbage collection cycles. 
+ + commit 245860ecaf8b9e82ca577385abd453ac92ffcd26 + * tests/gpgscm/scheme-private.h (CELL_MINRECOVER): New macro. + * tests/gpgscm/scheme.c (_get_cell): Move the heuristic to get more + cells... + (gc): ... here where every caller benefits from the optimization. + +2017-04-20 NIIBE Yutaka <gniibe@fsij.org> + + g13: Fix for Solaris. + + commit 10519270d36586c536bfb6c4cda8ac17c01f4976 + * configure.ac: Check sys/mkdev.h. + * g13/sh-dmcrypt.c: Include sys/mkdev.h. + +2017-04-18 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Fix final close of LISTEN_FD. + + commit 4b2581dc0ea1d03e70023bb0748aa0c21c0a2173 + * dirmngr/dirmngr.c (handle_connections): Close LISTEN_FD. + + dirmngr: Fix API difference for Windows. + + commit 0d0a7efa8fa0accc1da851917376e2328ef33c96 + * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. + (http_wait_response): Use FD2INT to get unsigned integer fd. + (read_server, write_server): Likewise. + (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. + +2017-04-17 NIIBE Yutaka <gniibe@fsij.org> + + agent: More minor change. + + commit 9296aed4bd2ad09d23339e658264e557c5312585 + * agent/command.c (cmd_pksign): Remove redundant assignment. + + agent: Minor cleanup. + + commit 45c52cca1401b930878a8f901b63cfbb22e9e327 + * agent/command-ssh.c (ssh_key_to_protected_buffer): Not touch ERR. + * agent/command.c (cmd_genkey, cmd_import_key): Clean up. + + tests: Minor memory fix. + + commit b9440aa3693a4bb91e1ba8ff09e2d93ff22dd70a + * tests/openpgp/fake-pinentry.c (get_passphrase): Free the memory. + + g10: Fix parse_ring_trust. + + commit 256e861bce3dc9aba8fab4df47a40cae3bede175 + * g10/parse-packet.c (parse_ring_trust): Fix condition. + + g10: Minor fixes. + + commit 0dec0cc281dfa26db89f8cc5ee002dea5c2b2e81 + * g10/export.c (cleartext_secret_key_to_openpgp): No initialization. + (do_export_one_keyblock): Initialize with GPG_ERR_NOT_FOUND. + * g10/getkey.c (get_best_pubkey_byname): Add non-null check. 
+ * g10/tofu.c (tofu_set_policy): ERR initialize to 0. + + g10: Fix import/export filter property match. + + commit af5f8ecf51f5e1f33e832d4946d02313b78a0536 + * g10/import.c (impex_filter_getval): Fix to "else if". + +2017-04-14 NIIBE Yutaka <gniibe@fsij.org> + + agent: Clean up error initialize/return. + + commit 36c4e540f1a4992675ee6e0acca1231325457079 + * agent/call-pinentry.c (start_pinentry): Return RC. + * agent/command-ssh.c (ssh_handler_request_identities): Don't set ERR. + * agent/findkey.c (try_unprotect_cb): Return ERR. + (unprotect): Don't set RC. + * agent/gpg-agent.c (handle_connections): Don't set fd. + + dirmngr: More fix for test program. + + commit adb77d095b3958482863a17c83746f33945638dc + * dirmngr/t-http.c (main): Care about no TLS. + + dirmngr: More fix for Windows. + + commit 4771bad610eb59e701fe8e53468e2af22d45eeb0 + * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only + valid with HTTP_USE_NTBTLS. + (_my_socket_new): Simply cast to int since it's for debug. + (_my_socket_ref, _my_socket_unref): Likewise. + +2017-04-13 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Fix http.c for sockaddr_storage. + + commit 86dcb03134fd4957d51ebaa06b7991239f9ee56a + dirmngr/http.c (use_socks): Use sockaddr_storage. + (my_sock_new_for_addr, connect_server): Likewise. + + dirmngr: Fix alignment of ADDR. + + commit 892b33bb2c57785927ea6652091191da2deed464 + * dirmngr/dns-stuff.h (dns_addrinfo_s): Use struct sockaddr_storage + for size and alignment. + * dirmngr/dns-stuff.c (resolve_name_libdns): Follow the change. + (resolve_dns_name): Use struct sockaddr_storage. + (resolve_addr_standard, resolve_dns_addr): Likewise. + (resolve_dns_addr): Likewise. + + dirmngr: Fix thread key type. + + commit 37018adce6ea4920b34d59afcfe4f55f716b3086 + * dirmngr/dirmngr.c (my_tlskey_current_fd): Use npth_key_t. + + common, g10: Fix enumeration types. 
+ + commit 74258278efacd7069e8c1df8ff6fc3f4675d713e + * common/openpgpdefs.h (CIPHER_ALGO_PRIVATE10, PUBKEY_ALGO_PRIVATE10) + (DIGEST_ALGO_PRIVATE10, COMPRESS_ALGO_PRIVATE10): New. + * g10/misc.c (map_pk_gcry_to_openpgp): Add type conversion. + (map_cipher_openpgp_to_gcry, openpgp_cipher_algo_name) + (openpgp_pk_test_algo2, map_md_openpgp_to_gcry) + (pubkey_get_npkey): Add default handling. + + dirmngr: More fix for Windows. + + commit 5af104b541ed430a54eb0163a1d29e1d043f9377 + * dirmngr/dns.c (socket_fd_t, STDCALL): New. + (dns_te_initname): Use. + +2017-04-12 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Fix type of sock. + + commit 6755b3b505f79a5a233b18e85f57a0d3a455e664 + * dirmngr/http.c (send_request): Use assuan_fd_t for SOCK. + + tools: Fix condition for gpg-connect-agent. + + commit f52f6af834cc488d11612e349e4af023d69a45f4 + * tools/gpg-connect-agent.c (start_agent): Add paren. + + dirmngr: Fix possible null reference. + + commit 7ae1857c90ab43ad9e31f0fb6dbd37f25cc37278 + * dirmngr/dns.c (dns_error_t dns_trace_fput): Check NULL. + + common: Simplify format_text. + + commit 7b4edf14bb16fbe786e55b829a208960396ce8df + * common/stringhelp.c (format_text): Don't allow IN_PLACE formatting. + * common/stringhelp.h: Change the API with no IN_PLACE. + * common/t-stringhelp.c (test_format_text): Follow the change. + * g10/gpgcompose.c (show_help): Likewise. + * g10/tofu.c (format_conflict_msg_part1, ask_about_binding) + (show_statistics, show_warning): Likewise. + + gpgscm: Fix test program. + + commit 7f9032d4a8ce53ce1a972bd3c1f8d20b3776756b + * tests/gpgscm/t-child.c (main): Fix for setmode. + + dirmngr: Fix plus1_ns. + + commit 60d9a9e6b4ae3af029596d14732c02f49203326d + * dirmngr/dns.c (plus1_ns): Fix the initial implementation. + + scd: Handle unexpected suspend/resume by CCID driver. + + commit f053f99ed0b0c6de7b7c4a07cbd7f7d213ddf0db + * scd/ccid-driver.c (bulk_in): Handle unexpected failure. + + dirmngr: Fix dns-stuff.c in another way. 
+ + commit bd0c94939faf8ccfc117fb595e9bc0105edcafa4 + * dirmngr/dns-stuff.c (T_CERT): Define our own. + + Revert "dirmngr: Fix dns-stuff.c." + + commit 0b904ddea8bddaa2fd7893a9dce1df1cb5e36b00 + This reverts commit 1538523156be568046f632d1775eae30ea8bd556. + + dirmngr: Fix dns-stuff.c. + + commit 1538523156be568046f632d1775eae30ea8bd556 + * dirmngr/dns-stuff.c: Don't include arpa/nameser.h. + + agent: Simplify stream_read_cstring. + + commit c64763c3a74ecc61c2f6c5edb679a2a3879d79e7 + * agent/command-ssh.c (stream_read_cstring): Just call + stream_read_string. + + dirmngr: Use a function to increment network short. + + commit 64904ce627b6b0661acf15b5b70103c4842bb0f3 + * dirmngr/dns.c (plus1_ns): New. + (dns_p_push): Use it. + + g10: Minor clean up for export.c. + + commit 05218829589f6d4b09933fa19f568c2019367d5c + * g10/export.c (export_ssh_key): Check IDENTIFIER for error. + Release base64 thing on error of get_membuf. + +2017-04-11 NIIBE Yutaka <gniibe@fsij.org> + + g13: Include sys/sysmacros.h if available. + + commit c3cc9551dcc89cc25c0a0ec16d8eb12c1c221638 + * configure.ac: Add test for sys/sysmacros.h. + * g13/sh-dmcrypt.c: Include sys/sysmacros.h. + +2017-04-11 Justus Winter <justus@g10code.com> + + tests: Fix distcheck. + + commit 00be2a92625e832e8dd621f2a8f72b124c6d50ca + * tests/gpgscm/Makefile.am (EXTRA_DIST): Add 'gnupg.scm'. + + tests: Avoid relying on implicit gpg commands. + + commit cde626e7f7349a73d58ec3236ab3b43dec852bb5 + * tests/openpgp/armdetach.scm: Always use an explicit command instead + of relying on gpg to guess what we want. + * tests/openpgp/armdetachm.scm: Likewise. + * tests/openpgp/armencrypt.scm: Likewise. + * tests/openpgp/armencryptp.scm: Likewise. + * tests/openpgp/armor.scm: Likewise. + * tests/openpgp/armsignencrypt.scm: Likewise. + * tests/openpgp/armsigs.scm: Likewise. + * tests/openpgp/clearsig.scm: Likewise. + * tests/openpgp/compression.scm: Likewise. + * tests/openpgp/conventional-mdc.scm: Likewise. 
+ * tests/openpgp/conventional.scm: Likewise. + * tests/openpgp/decrypt-dsa.scm: Likewise. + * tests/openpgp/decrypt.scm: Likewise. + * tests/openpgp/detach.scm: Likewise. + * tests/openpgp/detachm.scm: Likewise. + * tests/openpgp/ecc.scm: Likewise. + * tests/openpgp/encrypt-dsa.scm: Likewise. + * tests/openpgp/encrypt-multifile.scm: Likewise. + * tests/openpgp/encrypt.scm: Likewise. + * tests/openpgp/encryptp.scm: Likewise. + * tests/openpgp/seat.scm: Likewise. + * tests/openpgp/signencrypt-dsa.scm: Likewise. + * tests/openpgp/signencrypt.scm: Likewise. + * tests/openpgp/sigs-dsa.scm: Likewise. + * tests/openpgp/sigs.scm: Likewise. + + tests: Make tests more robust. + + commit 1b28d9dbe0260b2a4645c4b5caae11d9f375c942 + * tests/openpgp/defs.scm (have-opt-always-trust): Execute in empty + ephemeral home directory. This prevents gpg from picking up the + configuration from the current gnupghome (if any). + * tests/migrations/common.scm (untar-armored): Likewise. + + tests: Move common functionality. + + commit ccd2187212c12b84c86a10fd4417a16536243179 + * tests/openpgp/defs.scm (with-home-directory, + with-ephemeral-home-directory): Move... + * tests/gpgscm/gnupg.scm: ... to this new file. + * tests/gpgscm/main.c (main): Load the new file. + +2017-04-11 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Fix build for Windows. + + commit 3133402241167ccad70fa888a47ffcbe04e7b4c5 + * dirmngr/ldap-wrapper-ce.c (outstream_cookie_writer): Use + gpgrt_ssize_t. + + g10,tools: Fix bzlib.h include order. + + commit 03d77b60befa4e2f8437a80ac429cca3e54688f8 + * g10/compress-bz2.c: Include bzlib.h after gcrypt.h. + * tools/gpgsplit.c: Likewise. + + g10: Minor clean up for TOFU. + + commit f079822b2ce06c18b7ea45efed2d29b54e38f04d + * g10/tofu.c (ask_about_binding): Fix for qualifier. + + common: Portability fix for logging.c. + + commit 456c5cdb2d72bba77e2a30c8fdb1c1cebbe9b1d2 + * common/logging.c (S_IRGRP, S_IWGRP, S_IROTH, S_IWOTH): Avoid + duplicated definition. 
+ + tools: Portability fix for gpgparsemail. + + commit a1446163d584cdc3003c7d5b5fc6d74737c1732d + * tools/rfc822parse.c (my_stpcpy): Rename from stpcpy. + +2017-04-10 Justus Winter <justus@g10code.com> + + gpgscm: Fix opcode dispatch. + + commit 1b6adab41d386b587f65e5c6f14a63859ac1226b + * tests/gpgscm/scheme.c (opexe_0): Consider 'op', not 'sc->op'. The + former is the opcode we are currently executing. + + gpgscm: Mmap script files. + + commit c7f0d90592fd0348a3818ac897f91e6859584146 + * tests/gpgscm/main.c (load): Try to mmap the script. + * tests/gpgscm/scheme.c (scheme_load_memory): New function, a + generalization of 'scheme_load_string'. + * tests/gpgscm/scheme.h (scheme_load_memory): New prototype. + + gpgscm: Refactor checking for opcode arguments. + + commit f3d1f6867792deeb9a2a63744ee9b076c41c58f3 + * tests/gpgscm/scheme.c (op_code_info): Fix type, add forward + declaration. + (check_arguments): New function. + (Eval_cycle): Use the new function. + + gpgscm: Improve syntax dispatch. + + commit b628e62b5b9f7ed5cbb1bfe34727b5ee8129f7d4 + * tests/gpgscm/scheme.c (assign_syntax): Add opcode parameter, store + opcode in the tag. + (syntaxnum): Add sc parameter, retrieve opcode from tag. + (opexe_0): Adapt callsite. + (scheme_init_custom_alloc): Likewise. + + gpgscm: Make tags mandatory. + + commit a1ad5d6a30cf72d9b7e7bb449985dc69d5e01c4b + * tests/gpgscm/opdefines.h: Make tags mandatory. + * tests/gpgscm/scheme.c: Likewise. + * tests/gpgscm/scheme.h: Likewise. + + gpgscm: Add and use opcode for reversing a list in place. + + commit e1bb9326dc381ae2711a81ab621e21a66388bcbd + * tests/gpgscm/lib.scm (string-split-pln): Use 'reverse!'. + (string-rtrim): Likewise. + * tests/gpgscm/opdefines.h (reverse!): New opcode. + * tests/gpgscm/scheme.c (opexe_0): Handle new opcode. + + gpgscm: Deduplicate code. + + commit 3e91019a92b9bb3bb5a8cd62336b4cf65964e45b + * tests/gpgscm/scheme.c (oblist_add_by_name): Deduplicate. + (new_slot_spec_in_env): Likewise. 
+ + gpgscm: Move dispatch table into rodata. + + commit 7dff6248bddd5583988ac562318cf0d76a409d0e + * tests/gpgscm/opdefines.h: Use 0 instead of NULL. + * tests/gpgscm/scheme.c (op_code_info): Use char arrays instead of + pointers, make arity parameters smaller. + (INF_ARG): Adapt. + (_OP_DEF): Likewise. + (dispatch_table): Likewise. + (procname): Likewise. + (Eval_cycle): Likewise. + (scheme_init_custom_alloc): Likewise. + + gpgscm: Use more threaded code. + + commit 6f217d116d1a12c6093bb253dbfa349bc81bc90b + * tests/gpgscm/scheme.c (opexe_0): Use 's_thread_to' instead of + 's_goto' wherever possible. + + gpgscm: Remove now obsolete dispatcher function from the opcodes. + + commit e7ed9822e20ee4bbb4cdd9eca8121b4ade87e5ce + * tests/gpgscm/opdefines.h: Remove now obsolete dispatcher function + from the opcodes. + * tests/gpgscm/scheme-private.h (_OP_DEF): Adapt. + * tests/gpgscm/scheme.c (dispatch_func): Remove type declaration. + (op_code_info): Remove 'func'. + (_OP_DEF): Adapt. + (Eval_Cycle): Always call 'opexe_0'. + + gpgscm: Merge 'opexe_6'. + + commit ddf444828b9b3f75d964473a2c0e77f75f094cf4 + * tests/gpgscm/scheme.c (opexe_6): Merge into 'opexe_0'. + * tests/gpgscm/opdefines.h: Adapt. + + gpgscm: Merge 'opexe_5'. + + commit 1379df44537b67b7c2fbc0fb5bc6f7945a5d7ebb + * tests/gpgscm/scheme.c (opexe_5): Merge into 'opexe_0'. + * tests/gpgscm/opdefines.h: Adapt. + + gpgscm: Merge 'opexe_4'. + + commit 4f835104b9475e7d585d859b85e7d0d4cfe9aab3 + * tests/gpgscm/scheme.c (opexe_4): Merge into 'opexe_0'. + * tests/gpgscm/opdefines.h: Adapt. + + gpgscm: Merge 'opexe_3'. + + commit d591ab65d37ee467ca91ad851ab236f2985c1ee2 + * tests/gpgscm/scheme.c (opexe_3): Merge into 'opexe_0'. + * tests/gpgscm/opdefines.h: Adapt. + + gpgscm: Merge 'opexe_2'. + + commit 6cad38228f6ebfdc8e52960223b492597aff26a0 + * tests/gpgscm/scheme.c (opexe_2): Merge into 'opexe_0'. + * tests/gpgscm/opdefines.h: Adapt. + + gpgscm: Merge 'opexe_1'. 
+ + commit 154af876f05b773bf3a860fcb4cc41066da27beb + * tests/gpgscm/scheme.c (opexe_1): Merge into 'opexe_0'. + * tests/gpgscm/opdefines.h: Adapt. + +2017-04-10 NIIBE Yutaka <gniibe@fsij.org> + + agent: Use "ll" length specifier when time_t is larger. + + commit 170660ed11b56145dea4865e751ae5aff1681fe2 + * agent/command.c (cmd_keytocard): Use KEYTOCARD_TIMESTAMP_FORMAT. + + scd: Relax a condition for p15 driver. + + commit 7501f2e9c4e6fd94a191b381d52ec2fe1d103e29 + * scd/app-p15.c (read_ef_aodf): Fix. + + scd: Relax a condition for p15 driver. + + commit 3c1ad96f1ce838daf2d861b33e6611f6d3043d25 + * scd/app-p15.c (read_ef_aodf): Remove possibly redundant condition. + + scd: Remove "special transport" support. + + commit 34199ef677bb40eadf0da696a111f7036bc3187e + * scd/ccid-driver.c (transports, my_sleep, prepare_special_transport) + (writen): Remove. + (ccid_dev_scan, ccid_dev_scan_finish, ccid_get_BAI): Only for USB. + (ccid_open_reader, do_close_reader, bulk_out, bulk_in, abort_cmd) + (ccid_poll, ccid_transceive): Likewise. + +2017-04-07 Justus Winter <justus@g10code.com> + + gpgscm: Allocate small integers in the rodata section. + + commit 8640fa880d7050917f4729f2c0cb506e165ee446 + * tests/gpgscm/Makefile.am (gpgscm_SOURCES): Add new file. + * tests/gpgscm/scheme-private.h (struct cell): Move number to the top + of the union so that we can initialize it. + (struct scheme): Remove 'integer_segment'. + * tests/gpgscm/scheme.c (initialize_small_integers): Remove function. + (small_integers): New variable. + (MAX_SMALL_INTEGER): Compute. + (mk_small_integer): Adapt. + (mark): Avoid marking objects already marked. This allows us to run + the algorithm over objects in the rodata section if they are already + marked. + (scheme_init_custom_alloc): Remove initialization. + (scheme_deinit): Remove deallocation. + * tests/gpgscm/small-integers.h: New file. + + gpgscm: Make global data constant when possible. 
+ + commit c9c3fe883271868d3b2dd287d295cf6a8f8ffc05 + * tests/gpgscm/scheme-private.h (struct scheme): Make 'vptr' const. + * tests/gpgscm/scheme.c (num_zero): Statically initialize and turn + into constant. + (num_one): Likewise. + (charnames): Change type so that it can be stored in rodata. + (is_ascii_name): Adapt slightly. + (assign_proc): Make argument const char *. + (op_code_info): Make some fields const char *. + (tests): Make const. + (dispatch_table): Make const. At least it can be made read-only after + relocation. + (Eval_Cycle): Adapt slightly. + (vtbl): Make const. + + gpgscm: Remove arbitrary limit on number of cell segments. + + commit 56638c28adc1bbe9fc052b92549a50935c0fe99c + * tests/gpgscm/scheme-private.h (struct scheme): Remove fixed-size + arrays for cell segments, replace them with a pointer to the new + 'struct cell_segment' instead. + * tests/gpgscm/scheme.c (struct cell_segment): New definition. + (_alloc_cellseg): Allocate the header within the segment, return a + pointer to the header. + (_dealloc_cellseg): New function. + (alloc_cellseg): Insert the segments into a list. + (_get_cell): Allocate a new segment if less than a quarter of + CELL_SIGSIZE is recovered during garbage collection. + (initialize_small_integers): Adapt callsite. + (gc): Walk the list of segments. + (scheme_init_custom_alloc): Remove initialization of removed field. + (scheme_deinit): Adapt deallocation. + + gpgscm: Fix compact vector encoding. + + commit bf8b5e9042b3d86d419b2ac1987a9298c9d21500 + * tests/gpgscm/scheme-private.h (struct cell): Use uintptr_t for + '_flags'. This way, '_flags' has the size of a machine word. + +2017-04-07 Werner Koch <wk@gnupg.org> + + gpg: Fix printing of offline taken subkey. + + commit 547bc01d57528ecc27b3b5e16797967a7f88fecf + * g10/keylist.c (list_keyblock_print): Set SECRET to 2 and not 0x32. + +2017-04-07 NIIBE Yutaka <gniibe@fsij.org> + + scd: Internal CCID reader cleanup. 
+ + commit cc420d34880e2a050b39f969873974cfc35fa5c3 + * scd/ccid-reader.c (scan_usb_device): Only for scan mode, so, rename + from scan_or_find_usb_device. + (scan_devices): Likewise. Remove support of special transport types. + (ccid_get_reader_list): Simplify. + (abort_cmd): Fix error return. + (send_escape_cmd): Fix for RESULTLEN == NULL. + (ccid_transceive_secure): Remove unnecessary var updates. + + scd: Don't keep CCID reader open when card is not available. + + commit 3c93595d701c59cbc9b67a7fd0bcde7ee0fada1a + * scd/apdu.c (open_ccid_reader): Fail if no ATR. + + agent: Serialize access to passphrase cache. + + commit ebe12be034f052cdec871f0d8ad1bfab85d7b943 + * agent/cache.c (encryption_lock): Remove. + (cache_lock): New. Now, we have coarse grain lock to serialize + entire cache access. + (initialize_module_cache): Use CACHE_LOCK. + (init_encryption, new_data): Remove ENCRYPTION_LOCK. + (agent_flush_cache, agent_put_cache, agent_get_cache): Lock the cache. + +2017-04-06 Justus Winter <justus@g10code.com> + + gpgscm: Avoid mutating integer. + + commit f1dc34f502a68673e7a29f3fcf57b8dc6a4fac89 + * tests/gpgscm/scheme.c (opexe_5): Do not modify the integer in-place + while printing an vector. Integer objects may be shared, so they must + not be mutated. + + gpgscm: Initialize unused slots in vectors. + + commit b83903f59ec5d49ac579f263da70ebc8dc3645b5 + * tests/gpgscm/scheme.c (get_vector_object): Initialize unused slots + at the end of vectors. + + tests: Fix distcheck. + + commit 23f00f109ddba595db4f73a6182750177c7dd75d + * tests/Makefile.am (SUBDIRS): Add 'pkits' again. Simply dropping it + makes 'make distcheck' unhappy. + * tests/pkits/Makefile.am (TESTS): Remove all tests. + + tests: Disable 'pkits' test suite. + + commit af1c1a57e46a00a32d83c1a58c5f3ef6f4a1c1d1 + * tests/Makefile.am (SUBDIRS): Drop 'pkits'. + * tests/pkits/common.sh: Fix locating 'PKITS_data.tar.bz2'. + * tests/pkits/inittests: Likewise. + + tests: Make test more robust. 
+ + commit 94645311f8a3e9ae33643512f87fbef41bf0556f + * tests/openpgp/4gb-packet.scm: Skip if we do not have BZIP2. + * tests/openpgp/defs.scm (have-compression-algo?): New function. + +2017-04-05 Justus Winter <justus@g10code.com> + + tests: Fix setup of ephemeral home directories. + + commit 01e84d429aeeb1450012ff0576a6a24de50693c6 + * tests/openpgp/defs.scm (with-ephemeral-home-directory): Set + GNUPGHOME and cwd to the ephemeral directory before calling the setup + function. + +2017-04-04 Justus Winter <justus@g10code.com> + + tests: Fix setup of ephemeral home directories. + + commit 32b75fb7743f35936d7014fce33c90ba97dfa374 + * tests/openpgp/defs.scm (with-ephemeral-home-directory): Create + configuration files when we enter the context. + * tests/openpgp/setup.scm: Do not use an ephemeral home directory. + Tests should always use the cwd. + * tests/gpgsm/setup.scm: Likewise. + * tests/gpgsm/export.scm: Add explicit constructor function. + * tests/openpgp/decrypt-session-key.scm: Likewise. + * tests/openpgp/decrypt-unwrap-verify.scm: Likewise. + + gpgscm: Fix copying values. + + commit 6261611d3786f19fd84ccc79f45a89cadac518e8 + * tests/gpgscm/scheme.c (copy_value): New function. + (mk_tagged_value): Use new function. + (opexe_4): Likewise for OP_SAVE_FORCED. + + gpgscm: Simplify get-output-string operation. + + commit a80d4a9b50ad47eae1f8c740dd73804311e38783 + * tests/gpgscm/scheme.c (opexe_4): Simplify 'get-output-string'. + + gpgscm: Simplify substring operation. + + commit d858096c99705ccf2e115475f81c4cf88edbeebf + * tests/gpgscm/scheme.c (opexe_2): Simplify 'substring'. + +2017-04-04 NIIBE Yutaka <gniibe@fsij.org> + + agent: Minor fix for get_client_pid. + + commit 5744d2038bd17b8b1be4e73d0ad3bc41772efe96 + * agent/command-ssh.c (get_client_pid): Use 0 to initialize. + +2017-04-03 Werner Koch <wk@gnupg.org> + + Release 2.1.20. + + commit e7eb9b12deaf7ebe26967bfb56e980b7efeebdc3 + + + dirmngr: New option --disable-ipv6. 
+ + commit 3533b854408fa93734742b2ee12b62aa0d55ff28 + * dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'. + * dirmngr/dirmngr.c (oDisableIPv6): New const. + (opts): New option --disable-ipv6. + (parse_rereadable_options): Set that option. + * dirmngr/dns-stuff.c (opt_disable_ipv6): New var. + (set_dns_disable_ipv6): New. + (resolve_name_standard): Make use of it. + * dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of + OPT.DISABLE_IPV6. + * dirmngr/ks-engine-hkp.c (map_host): Ditto. + (send_request): Ditto. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + * dirmngr/ocsp.c (do_ocsp_request): Ditto. + + dirmngr,w32: Silence the 'certificate already cached' message. + + commit fce36d7ec87be14b874813db277781c87a64ea87 + * dirmngr/certcache.c (load_certs_from_w32_store): Silenece an info + message. + + dirmngr: Handle EIO which is sometimes returned by cookie functions. + + commit cc32ddbcba8c53d3e2cad952d72f62dc73911042 + * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle EIO. + + dirmngr: Always print a warning for a missing /etc/hosts. + + commit 35c843c815306f36d1efbc52f5e2f6bac3f67aec + * dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a + missing /etc/hosts. + + dirmngr: Do not assume that /etc/hosts exists. + + commit 5d873f288e86edfb684f4dd57ac36466b06494a4 + * dirmngr/dns-stuff.c (libdns_init): Do not bail out. + + po: Update the German translation. + + commit c7be01dae914c183dd99bd531a388c794d858c61 + + + gpgconf: Add --enable-extended-key-format for the agent. + + commit d23052b04ebb0ac731aa351650c4084f080c640b + * tools/gpgconf-conf.c: Add option. + * agent/gpg-agent.c (main) <aGPGConfList>: Add option. + +2017-04-03 Justus Winter <justus@g10code.com> + + gpgscm: Slightly improve the procedure dispatch. + + commit 90932bdad607d06f4f040e3457caddba79ba8b7e + * tests/gpgscm/scheme.c (procnum): Procedures always have an integer + number, so we can safely use the cheaper 'ivalue_unchecked'. 
+ +2017-04-03 Werner Koch <wk@gnupg.org> + + gpg: Handle critical marked 'Reason for Revocation'. + + commit 3f6d949011f485613bb4bd3e06a2643be79cce40 + * g10/parse-packet.c (can_handle_critical): Add + SIGSUBPKT_REVOC_REASON. + +2017-04-02 Werner Koch <wk@gnupg.org> + + agent: Use OCB for key protection with --enable-extended-key-format. + + commit d24375271b97e45deaeb1ef0a8434c64066ba2e8 + * agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro. + (agent_protect): Make the default protection mode depend on the extend + key format option. + +2017-04-01 Werner Koch <wk@gnupg.org> + + kbx: Unify blob reading functions. + + commit 0039d7107bcdfce6f3b02b46ff0495cfba07882a + * kbx/keybox-file.c (_keybox_read_blob): Remove. + (_keybox_read_blob2): Rename to .... + (_keybox_read_blob): this. Make arg options. Change all callers. + * kbx/keybox-search.c (keybox_search): Factor fopen call out to ... + (open_file): new. + (keybox_seek): Als use open_file. + +2017-03-31 Werner Koch <wk@gnupg.org> + + gpg: Avoid multiple open calls to the keybox file. + + commit 5556eca5acd46983bff0b38a1ffbc2f07fbaba9f + * g10/keydb.h (KEYDB_HANDLE): Move typedef to ... + * g10/gpg.h: here. + (struct server_control_s): Add field 'cached_getkey_kdb'. + * g10/gpg.c (gpg_deinit_default_ctrl): Release that keydb handle. + * g10/getkey.c (getkey_end): Cache keydb handle. + (get_pubkey): Use cached keydb handle. + * kbx/keybox-search.c (keybox_search_reset): Use lseek instead of + closing the file. + + gpg: Pass CTRL also to getkey_end. + + commit aca5f494a88776d4974bfa9b0b65cb60c1b42040 + * g10/getkey.c (getkey_end): Add arg CTRL. Change all callers. + + gpg: Print more stats for the keydb and the signature cache. + + commit 3a10de3bfd785aefb0150e82b6dbbc7cb9f208c8 + * g10/sig-check.c (sig_check_dump_stats): New. + (cache_stats): New struct. + (check_key_signature2): Update stats. + * g10/gpg.c (g10_exit): Call new function. + * g10/keydb.c (kid_not_found_cache_count): Replace by ... 
+ (kid_not_found_stats): ... new struct. Change users. + (keydb_stats): New struct. Update the counters. + (keydb_dump_stats): Print all stats. + + gpg: Assert that an opaque parameter is really what we expect. + + commit 52ba5e67cad4311d0ddbc4f2979e20afd0161d1f + * g10/gpg.h (SERVER_CONTROL_MAGIC): New const. + (server_control_s): Add field 'magic'. + * g10/gpg.c (gpg_init_default_ctrl): Init MAGIC. + * g10/import.c (impex_filter_getval): Assert MAGIC. + +2017-03-30 Justus Winter <justus@g10code.com> + + gpg: Consistent use of preprocessor conditionals. + + commit 5e89144cbca36c1e7eb814b3aad4b7c46cd4efbf + * g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking + DEBUG_PARSE_PACKET. This fixes the build with '#define + DEBUG_PARSE_PACKET 0'. + + common: Avoid undefined behavior. + + commit 214fa9012296d796b78f1a3106d656639cf50aef + * common/iobuf.c (iobuf_read_line): Do not consider 'length' if + 'buffer' is NULL. + +2017-03-30 Werner Koch <wk@gnupg.org> + + gpg: Remove the use of the signature information from a KBX. + + commit a6142dbdbc5783043deb847dc64998c421860941 + * g10/keydb.c (keyblock_cache): Remove field SIGSTATUS. + (keyblock_cache_clear): Adjust for that removal. + (parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature + cache setting; this is now done in the parser. + (keydb_get_keyblock): Do not set SIGSTATUS. + (build_keyblock_image): Remove arg SIGSTATUS and simplify. Change + caller. + * kbx/keybox-blob.c: Explain that the signature information is not + anymore used. + (_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change + callers. + * kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS + and change callers. + * kbx/keybox-update.c (keybox_insert_keyblock): Likewise. + + gpg: Fix actual leak and possible leaks in the packet parser. + + commit 7bf24e8146116a30c4c9d7b6dbf8bbb27fc35971 + * g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a + pointer to its struct. 
+ (init_parse_packet): Adjust for LAST_PKT not being a pointer. + * g10/parse-packet.c (parse): Ditto. Free the last packet before + storing a new one in case of a deep link. + (parse_ring_trust): Adjust for LAST_PKT not being a pointer. + * g10/free-packet.c (free_packet): Ditto. + * g10/t-keydb-get-keyblock.c (do_test): Release keyblock. + + gpg: Fix export porting of zero length user ID packets. + + commit 64665404e43051fa50ee030766347e24b7d1e4d5 + * g10/build-packet.c (do_user_id): Avoid indeterminate length header. + + gpg: Revamp reading and writing of ring trust packets. + + commit a8895c99a7d0750132477d80cd66caaf3a709113 + * g10/parse-packet.c (parse_trust): Rename to ... + (parse_ring_trust): this. Change args and implement new ring trust + packet format. + (parse): Add special ring trust packet handling. + * g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and + KEYSRC. + (PKT_public_key): Ditto. + (RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts. + (PKT_ring_trust): New. + (struct packet_struct): Remove member RING_TRUST. + (strcu parse_packet_ctx_s): Add field SKIP_META. + (init_parse_packet): Init SKIPT_META. + * g10/free-packet.c (release_public_key_parts): Free UDPATEURL. + (free_user_id): Ditto. + * g10/mainproc.c (list_node): Remove printing of non-documented "rtv" + lines. + * g10/build-packet.c (build_packet_and_meta): New. + (do_ring_trust): New. + * g10/export.c (write_keyblock_to_output): Use build_packet_and_meta + in backup mode. + (do_export_one_keyblock): Ditto. + * g10/import.c (read_block): Add arg WITH_META. Skip ring trust + packets if that ism not set. + (import): Call read_block WITH_META in restore mode. + * g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS) + (KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not + yet used, though. + * g10/keydb.c (parse_keyblock_image): Allow ring trust packets. + (build_keyblock_image): Ditto. Use build_packet_and_meta. 
+ * g10/keyring.c (keyring_get_keyblock): Remove specila treatment of + ring trust packets. + (write_keyblock): Use build_packet_and_meta. Remove special treatment + of ring trust packets and initialization of the signature caches. + +2017-03-29 Werner Koch <wk@gnupg.org> + + gpg: Extend free_packet to handle a packet parser context. + + commit afa86809087909a8ba2f9356588bf90cc923529c + * g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and + FREE_LAST_PKT. + (init_parse_packet): Clear them. + (deinit_parse_packet): New macro. Change all users if + init_parse_packet to also call this macro. + * g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow + packet copies in the context. Change all callers. + * g10/parse-packet.c (parse): Store certain packets in the parse + context. + + gpg: Change parse_packet to take a context. + + commit 0526c99164d3531b5ec763ffc672407eb24b2296 + * g10/packet.h (struct parse_packet_ctx_s): New. + (parse_packet_ctx_t): New type. + (init_parse_packet): New macro. + * g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take + a parse context. Change all callers to provide a context instead of + directly supplying the input stream. + (search_packet, dbg_search_packet): Ditto. + (copy_all_packets, dbg_copy_all_packets): Init an use a parse context. + (copy_some_packets, dbg_copy_some_packets): Ditto. + (skip_some_packets, dbg_skip_some_packets): Ditto. + + gpg: Export ring trust packets in backup mode. + + commit f5b565a5b8de3f2a3d98bc1a655e18333aee223b + * g10/export.c (write_keyblock_to_output): Export ring trust packets. + +2017-03-28 Justus Winter <justus@g10code.com> + + tests,w32: Fix importing the extra key for GPGME's keylist test. + + commit b20780658ebb1e1245db18c04db3e815399cf706 + * tests/gpgme/wrap.scm: Qualify the tests name with the extension for + executables (if any). + +2017-03-28 Werner Koch <wk@gnupg.org> + + gpg: Prepare for listing last_update and key origin data. 
+ + commit 4af389c9721fa534ed06a64b80705b631575c775 + * g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20. + +2017-03-28 Justus Winter <justus@g10code.com> + + tests: Fix distcheck. + + commit 5128cd74c029d57491a79ca9e918c81facdf1b76 + * tests/openpgp/Makefile.am (sample_msgs): Add all missing sample + messages. + + tests: Add test for '--decrypt --unwrap'. + + commit 211d71f19c24da94f4c58014606125c1a29d86a2 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/decrypt-unwrap-verify.scm: New file. + + g10: Fix memory leak. + + commit 6d3edfd972c1114f43f6b35773dc25e0256f48f4 + * g10/decrypt-data.c (decrypt_data): Free 'filename'. + +2017-03-27 Justus Winter <justus@g10code.com> + + common: Fix connecting to the agent. + + commit caf00915532e6e8e509738962964edcd14fb0654 + * common/homedir.c (_gnupg_socketdir_internal): Fix error handling. + +2017-03-27 NIIBE Yutaka <gniibe@fsij.org> + + g10: Support specifying SERIALNO for --card-status. + + commit c1e6302b347caf852a056b9c721469ccb51f44da + * g10/gpg.c (main): Allow an argument for --card-status. + * g10/card-util.c (current_card_status): Rename from card_status. + (card_status): New, which supports multiple cards. + (get_one_name): Use current_card_status. + + scd: Change the order of applications when accessed. + + commit d58275703f035e8cfd58cd1c2d0d5ac7dc59e110 + * scd/app.c (select_application): Move the app to top. + + scd: Fix timeout handling for key generation. + + commit 0848cfcce738150b53bfb65b78efc1e6dc9f3d26 + * scd/ccid-driver.c (CCID_CMD_TIMEOUT): Back to original value. + (CCID_CMD_TIMEOUT_LONGER): New. + (ccid_transceive): Add kludge for key generation. + +2017-03-24 Werner Koch <wk@gnupg.org> + + gpg: Improve check for already compressed packets. + + commit 0b3770c421a35b64823a805fa8d49ddd5c653d50 + * common/miscellaneous.c (is_openpgp_compressed_packet): New. + (is_file_compressed): Rerad 2 more bytes and call new function. 
+ + agent: New option --enable-extended-key-format. + + commit 2c237c13628a88ba23742da34ea18d3e205d7c53 + * agent/gpg-agent.c (oEnableExtendedKeyFormat): New const. + (opts): New option --enable-extended-key-format. + (parse_rereadable_options): Set option + * agent/findkey.c (write_extended_private_key): Add arg 'update'. + (agent_write_private_key): Implement new option. + + agent: New option --stub-only for DELETE_KEY. + + commit 6fab7bba879d7794e32112cf3eddd8d87130a5d7 + * agent/findkey.c (agent_delete_key): Add arg 'only_stubs'. + * agent/command.c (cmd_delete_key): Add option --stub-only. + +2017-03-23 Werner Koch <wk@gnupg.org> + + common: Implicitly do a gpgconf --create-socketdir. + + commit 26086b362ff47d21b1abefaf674a6464bf0a8921 + * common/homedir.c (_gnupg_socketdir_internal): Create the + sub-directory. + + tests: Use gpgconf to stop the agent. + + commit 2c9d9ac55ea455a5ec26428989dced0311ed46cc + * tests/openpgp/defs.scm (stop-agent): Swap order of actions. Kill + all daemons using gpgconf. + * tools/gpgconf.c (main) <aRemoveSocketDir>: Try to remove known + socketfails on rmdir failure. Do no fail for ENONET. + +2017-03-23 Justus Winter <justus@g10code.com> + + gpgscm: Make test cleanup more robust. + + commit 178b6314ab2d2268873067314744c8af74dc331e + * tests/gpgscm/tests.scm (mkdtemp-autoremove): New function that + cleans up at interpreter shutdown. + (run-tests-parallel): Use the new function. + (run-tests-sequential): Likewise. + (make-environment-cache): Execute setup with an temporary working + directory. + +2017-03-21 Justus Winter <justus@g10code.com> + + tests: Test '--quick-set-primary-uid'. + + commit fde885bbc47a4bf14a8570ac62e68adc8cf47a6e + * tests/openpgp/quick-key-manipulation.scm: Test + '--quick-set-primary-uid'. + + tests,w32: Use GetTempPath to get the path for temporary files. + + commit d17840c3f40111beaf97d96ad3ca52047976e221 + * tests/gpgscm/ffi.c (do_get_temp_path): New function. + (ffi_init): Make function available. 
+ * tests/gpgscm/tests.scm (mkdtemp): Use the new function. + +2017-03-21 Werner Koch <wk@gnupg.org> + + gpg: New command --quick-set-primary-uid. + + commit 74c1f30ad6616186f0ab9dbaf34db6c17b1e40c4 + * g10/gpg.c (aQuickSetPrimaryUid): New const. + (opts): New command --quick-set-primary-uid. + (main): Implement it. + * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ... + (quick_find_keyblock): new func. + (keyedit_quick_revuid): Use quick_find_keyblock. + (keyedit_quick_set_primary): New. + +2017-03-21 Justus Winter <justus@g10code.com> + + dirmngr: Fix error handling. + + commit 483c1288a8f86dc6bf93d0d3f2865ecc246aecba + * dirmngr/dns-stuff.c (libdns_init): Convert error before printing it. + + dirmngr: Load the hosts file into libdns. + + commit 88f1505f0613894d5544290a170119eb538921e5 + * dirmngr/dns-stuff.c (libdns_init): Actually load the hosts file into + libdns. + + tests: Create temporary directories in '/tmp'. + + commit 06f1f163e96f1039304fd3cf565cf9de1ca45849 + * tests/gpgscm/tests.scm (mkdtemp): Create temporary directories in + '/tmp' on UNIX, or in '%Temp' on Windows. + * tests/migrations/common.scm (run-test): Turn error into a warning. + * tests/openpgp/defs.scm (start-agent): Likewise. + +2017-03-20 Justus Winter <justus@g10code.com> + + tests: Remove debugging remnants. + + commit ceb4b245752bb1fb43fde7e99f8d904ab8a9b5e2 + * tests/gpgme/gpgme-defs.scm (run-python-tests?): Remove 'trace's. + + tests: Fail if we cannot create the socket directory. + + commit d75d20909d9f60d33ffd210def92278c0f383aad + * tests/migrations/common.scm (run-test): Turn warning into an error. + * tests/openpgp/defs.scm (start-agent): Likewise. + +2017-03-20 Werner Koch <wk@gnupg.org> + + gpg: Add new field no 18 to the colon listing. + + commit fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e + * g10/misc.c (gnupg_pk_is_compliant): New. + * g10/keylist.c (print_compliance_flags): New. + (list_keyblock_colon): Call it here. 
+ * sm/keylist.c (print_compliance_flags): New. + (list_cert_colon): Call it here. + + gpg: Remove unused stuff. + + commit e2c63a13e2fa4ce39af8471a34c06d73ff3ee6f6 + * g10/OPTIONS: Remove. + * g10/options.h (struct opt): Remove 'shm_coprocess'. + +2017-03-17 Neal H. Walfield <neal@g10code.com> + + tests: Add test for issue 2959. + + commit fb9d68d636490ca88925051f48b08963c324aed1 + * tests/openpgp/tofu.scm: Add test for --tofu-default-policy=ask. + + gpg: Make sure the conflict set includes the current key. + + commit b1106b4d640325c60a7212a4a44e4f67c0e3312d + * g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling + get_policy. If POLICY is 'auto' and the default policy is 'ask', make + sure CONFLICT_SET includes the current key. + +2017-03-17 Werner Koch <wk@gnupg.org> + + dirmngr: Ignore warning alerts in the GNUTLS handshake. + + commit 69c521df422a6c9a6b0a93e45c9373a8b6ceb28e + * dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning + alerts. + +2017-03-17 Justus Winter <justus@g10code.com> + + gpgscm: Simplify hash tables. + + commit 6a3f857224eab108ae38e6259194b01b0ffdad8b + * tests/gpgscm/scheme.c (oblist_add_by_name): We now always get a + slot. Simplify accordingly. + (oblist_find_by_name): Always return the slot. + (vector_elem_slot): New function. + (new_slot_spec_in_env): We now always get a slot. Remove parameter + 'env'. Simplify accordingly. + (find_slot_spec_in_env): Always return a slot. + (new_slot_in_env): Adapt callsite. + (opexe_0): Likewise. + (opexe_1): Likewise. + (scheme_define): Likewise. + + gpgscm: Remove framework for immediate values. + + commit 38c955599f7c6c20faeec57d8e1df7d2c0eeba18 + * tests/gpgscm/scheme.c (IMMEDIATE_TAG): Remove macro. + (is_immediate): Likewise. + (set_immediate): Likewise. + (clr_immediate): Likewise. + (enum scheme_types): Set the LSB in every value. + (fill_vector): Adapt. + (vector_elem): Likewise. + (set_vector_elem): Likewise. + (mark): Likewise. 
+ (gc): Test for the LSB to tell typeflags apart from pointers stored in + the same memory location. + +2017-03-16 NIIBE Yutaka <gniibe@fsij.org> + + agent,g10: Remove redundant SERIALNO request. + + commit 8c8ce8711d9c938fcb982b0341e6b052742cb887 + * agent/learncard.c (agent_handle_learn): Don't call + agent_card_serialno. Get the serialno in status response. + * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". + (agent_scd_serialno): New. + (card_cardlist_cb, agent_scd_cardlist): New. + +2017-03-15 Justus Winter <justus@g10code.com> + + tests: Fix using tools from the build directory. + + commit a98459d3f4ec3d196fb0adb0e90dadf40abc8c81 + * tests/openpgp/defs.scm (gpg-conf'): Explicitly pass the build prefix + to gpgconf here... + (gpg-components): ... instead of only here. + + tests: Dump the tools that the tests are going to use. + + commit c7833eca38fdb8d9ba7b59438ea87d651b8bf7ba + * tests/openpgp/setup.scm: Dump the tools that the tests are going to + use. This will help us diagnose problems with the tests picking the + wrong paths in the future. + + build: Remove '--disable-tools' configuration option. + + commit 6993e42088c191f18468317ba2b5b8fbc8c3edff + * Makefile.am (SUBDIRS): Unconditionally include 'tools'. + * configure.ac: Remove '--disable-tools' configuration option. + +2017-03-15 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix check of serialno. + + commit 61785b679c542bbd789395fa632eb8b5133b01ad + * g10/card-util.c (card_status): Fix. + + g10: Remove unused function. + + commit ed3248219e921ee24f6f1b2985abb7e0945d70e9 + * g10/call-agent.c (select_openpgp): Remove. + + tests: Fix running python condition. + + commit a672ddec03f96475866d712b28be18b3fab43aef + * tests/gpgme/gpgme-defs.scm (run-python-tests?): We need Python. + +2017-03-14 Justus Winter <justus@g10code.com> + + tests: Skip Python tests if the bindings are not built. + + commit d82abbb1b6e80d5980e6259ddcfc770e65a6b1b3 + * tests/gpgme/wrap.scm (python): Move variable... 
+ * tests/gpgme/gpgme-defs.scm (python): ... here. + (run-python-tests?): New function. + * tests/gpgme/run-tests.scm: Only run Python tests if the bindings can + be located in GPGME's build directory. + +2017-03-13 Werner Koch <wk@gnupg.org> + + gpg: Flush stdout before printing stats with --check-sigs. + + commit 9a77b3b6e41f97b1209ad61c04b3dd33242ecae8 + * g10/keylist.c (print_signature_stats): Flush stdout. + (list_keyblock_colon): Use es_flush instead of fflush. + +2017-03-09 Justus Winter <justus@g10code.com> + + tests: Run the tests for the Python bindings of GPGME. + + commit 046a15a88c83b40a753b4ad7ecc1456efa5b527f + * tests/gpgme/gpgme-defs.scm (create-file): Write lines. + (create-gpgmehome): Extend function to create the right environment + for the Python tests. + * tests/gpgme/run-tests.scm: Make an environment cache for the Python + tests and enable them. + * tests/gpgme/wrap.scm: Do not hardcode the path of the Python + interpreter. + + tests: Rework environment setup. + + commit cca91a3f8f7e3e36b7149fc93f7b6df11d21eb1d + * tests/gpgscm/tests.scm (test::scm): Add a setup argument. + (test::binary): Likewise. + (run-tests-parallel): Remove setup parameter. + (run-tests-sequential): Likewise. + (make-environment-cache): New function that handles the cache + protocol. + * tests/gpgme/run-tests.scm: Adapt accordingly. + * tests/gpgsm/run-tests.scm: Likewise. + * tests/migrations/run-tests.scm: Likewise. + * tests/openpgp/run-tests.scm: Likewise. + +2017-03-08 Werner Koch <wk@gnupg.org> + + wks: Put stdout into binary mode for Windows at another place. + + commit ed5575ec550ff16b0b901a23c6aa3eb3d47b0575 + * tools/wks-util.c (wks_send_mime): Set stdout to binary. + + wks: Put stdout into binary mode for Windows. + + commit 5c83759364272b19ceafbef46d057f0430a12698 + * tools/send-mail.c (send_mail_to_file): Call es_set_binary. + +2017-03-08 Justus Winter <justus@g10code.com> + + build: Use macOS' compatibility macros to enable all features. 
+ + commit dd60e868d2bf649a33dc96e207ffd3b8ae4d35af + * configure.ac: On macOS, use the compatibility macros to expose every + feature of the libc. This is the equivalent of _GNU_SOURCE on GNU + libc. + + g10: Move more flags into the flag bitfield. + + commit 2649fdfff5d9e227025956e015b67502fd4962c4 + * g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and + 'is_expired' into the flags bitfield, and drop the prefix. + * g10/call-dirmngr.c: Adapt accordingly. + * g10/export.c: Likewise. + * g10/getkey.c: Likewise. + * g10/import.c: Likewise. + * g10/kbnode.c: Likewise. + * g10/keyedit.c: Likewise. + * g10/keylist.c: Likewise. + * g10/keyserver.c: Likewise. + * g10/mainproc.c: Likewise. + * g10/pkclist.c: Likewise. + * g10/pubkey-enc.c: Likewise. + * g10/tofu.c: Likewise. + * g10/trust.c: Likewise. + * g10/trustdb.c: Likewise. + +2017-03-08 Werner Koch <wk@gnupg.org> + + dirmngr: Do not put a keyserver into a new dirmngr.conf. + + commit 8f028642239fa992c6c059e3c1b4421a1813c827 + * g10/dirmngr-conf.skel: Do not define keyservers. + + doc: Add a note to the trust model direct. + + commit f0257b4a86b73f5b956028e68590b6d2a23ea4da + * doc/gpg.texi (GPG Configuration Options): Add note. Chnage Index + from trust-mode:foo to trust-model:foo. + +2017-03-07 Justus Winter <justus@g10code.com> + + Revert "build: Improve CFLAGS handling." + + commit b71384c8054ce2f245ccfae02b8ee81e1adfc512 + This reverts commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4. + + build: Improve CFLAGS handling. + + commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4 + * configure.ac: Strip any flags matching '-Werror' from CFLAGS before + running the tests, and add them back later on. + +2017-03-07 Michael Haubenwallner <michael.haubenwallner@ssi-schaefer.com> + + gpgscm: Use system strlwr if available. + + commit c22a2a89d3bd3d08b3abb8e4e33df32b480338ec + * tests/gpgscm/scheme.c: Define local strlwr only when HAVE_STRLWR is + not defined in config.h. 
+ * tests/gpgscm/scheme-config.h: Remove hack. + +2017-03-07 Justus Winter <justus@g10code.com> + + gpg: Do not allow the user to revoke the last valid UID. + + commit 591b6a9d879cbcabb089d89a26d3c3e0306054e1 + * g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then + make sure that we do not revoke the last valid UID. + (menu_revuid): Make sure that we do not revoke the last valid UID. + * tests/openpgp/quick-key-manipulation.scm: Demonstrate that + '--quick-revoke-uid' can not be used to revoke the last valid UID. + +2017-03-07 NIIBE Yutaka <gniibe@fsij.org> + + tools: Removal of -Icommon. + + commit 80fb1a8a05b2194af16027555b09bbd5d48ec9ac + * tools/gpg-wks-server.c: Follow the change. + + More change for common. + + commit d6c7bf1f8ab8899faba2fb81a35b096921c38f3c + * g10, scd, test, tools: Follow the change of removal of -Icommon. + + Remove -I option to common. + + commit 70aca95d6816082b289fceca8eabfcf718a6b701 + * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. + * g10/Makefile.am (AM_CPPFLAGS): Ditto. + * g13/Makefile.am (AM_CPPFLAGS): Ditto. + * kbx/Makefile.am (AM_CPPFLAGS): Ditto. + * scd/Makefile.am (AM_CPPFLAGS): Ditto. + * sm/Makefile.am (AM_CPPFLAGS): Ditto. + * tools/Makefile.am (AM_CPPFLAGS): Ditto. + * Throughout: Follow the change. + +2017-03-07 Justus Winter <justus@g10code.com> + + tests: Avoid overflowing signed 32 bit time_t. + + commit de3838372ae3cdecbd83eea2c53c8e2656d93052 + * tests/openpgp/quick-key-manipulation.scm: Use expiration times in + the year 2038 instead of 2105 to avoid overflowing 32 bit time_t. + time_t is used internally to parse the expiraton time from the iso + timestamp. + +2017-03-07 NIIBE Yutaka <gniibe@fsij.org> + + agent: Resolve conflict of util.h. + + commit 176e07ce10d892fa7c7b96725b38b2fec9a1f916 + * agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. + * agent/call-pinentry.c, agent/call-scd.c: Follow the change. 
+ * agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto. + * agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto. + * agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto. + * agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto. + * agent/w32main.c: Ditto. + + agent: Add include files. + + commit bf03925751abb739f2fd9d631694d3dd33decf92 + * agent/command-ssh.c: Add sys/socket.h and sys/un.h. + + agent: Fix get_client_pid for portability. + + commit f7f806afa5083617f4aba02fc3b285b06a7d73d4 + * configure.ac: Simply check getpeerucred and ucred.h, and structure + members. + * agent/command-ssh.c: Include ucred.h. + (get_client_pid) [HAVE_STRUCT_SOCKPEERCRED_PID]: Use sockpeercred + structure for OpenBSD. + [LOCAL_PEERPID]: Use LOCAL_PEERPID for macOS. + [LOCAL_PEEREID]: Use LOCAL_PEEREID for NetBSD. + [HAVE_GETPEERUCRED]: Use getpeerucred for OpenSolaris. + + common: Fix warning for portability. + + commit b9ab733fc0dd2ca2a7eaac0bde3a817c07af36c5 + * common/localename.c (do_nl_locale_name): We don't use CATEGORY. + + tools: More portable for openpty use. + + commit ce37ada87139ef418401f9f35439007a8c04a856 + * configure.ac (AC_CHECK_HEADERS): Add util.h libutil.h and termios.h. + * tools/symcryptrun.c: Include those headers. + + scd: Close THE_EVENT handle. + + commit cc933a96f8e83bc66fb69ed33d9593acdd60c929 + * scd/scdaemon.c (handle_connections): Close the handle. + +2017-03-06 Justus Winter <justus@g10code.com> + + tests: Harmonize temporary and socket directory handling. + + commit 7e19786a5ddef637d1d9d21593fecf5a36b6f372 + * tests/gpgscm/tests.scm (mkdtemp): Do not magically obey the + environment variable 'TMP', make sure to always return an absolute + path. + * tests/gpgme/Makefile.am (TMP): Drop variable. + (TESTS_ENVIRONMENT): Drop 'TMP'. + * tests/gpgme/gpgme-defs.scm (create-gpgmehome): Start the agent. Do + not create private key store, the agent does that for us. 
+ * tests/gpgsm/Makefile.am (TMP): Drop variable. + (TESTS_ENVIRONMENT): Drop 'TMP'. + * tests/gpgme/gpgme-defs.scm (create-gpgsmhome): Start the agent. Do + not create private key store, the agent does that for us. + * tests/migrations/Makefile.am (TMP): Drop variable. + (TESTS_ENVIRONMENT): Drop 'TMP'. + * tests/migrations/common.scm (gpgconf): New variable. + (run-test): Create and remove socket directory. + * tests/migrations/extended-pkf.scm (src-tarball): Remove variable. + (setup): Remove function. + (trigger-migration): Likewise. + Use 'run-test' to execute the test. + * tests/migrations/from-classic.scm (src-tarball): Remove variable. + (setup): Remove function. + Use 'run-test' to execute the tests. + * tests/openpgp/Makefile.am (TMP): Drop variable. + (TESTS_ENVIRONMENT): Drop 'TMP'. + * tests/openpgp/README: Do not mention 'TMP'. + * tests/openpgp/defs.scm (with-home-directory): New macro. + (create-legacy-gpghome): Do not create private key store, the agent + does that for us. + (start-agent): Make sure to terminate the right agent with 'atexit'. + + gpgscm: Fix creation of temporary directories. + + commit 171e4314ebd3ff74af3dcdc8bd68e1100e8910ea + * tests/gpgscm/ffi.c (do_mkdtemp): Use a larger buffer for the + template. + +2017-03-06 Werner Koch <wk@gnupg.org> + + wks: Set published keys world-readable. + + commit e3589110e01dc6ad04463351ec2ce17201556d09 + * tools/gpg-wks-server.c (check_and_publish): Set the permissions. + + gpg: Fix attempt to double free an UID structure. + + commit 4a130bbc2c2f4be6e8c6357512a943f435ade28f + * g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL. + +2017-03-06 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix compiler warnings for app-openpgp.c. + + commit e6ca015ae182a6dbb0466441efc17c99683e9375 + * scd/app-openpgp.c (retrieve_key_material): Remove touching I. + (do_change_pin): Make sure going to leave if PINVALUE == 0. + (rsa_writekey): Emit simpler log. + + scd: More cleanup of old code. 
+ + commit 9bf39ed75ddbd35908bcd0996f55325ff801619a + * scd/app-dinsig.c (do_sign): Remove assignment to HASHALGO. + * scd/app-p15.c (parse_keyusage_flags): Remove assign to MASK. + (read_ef_aodf): Likewise. + (read_ef_cdf): Change the control to parse_error. + * scd/app-sc-hsm.c (parse_keyusage_flags): Remove assign to MASK. + (read_ef_prkd): Remove assign to S. + (read_ef_prkd): Check if PRKDF is not null. + (read_ef_cd): Likewise for CDF. + + scd: Clean up old code. + + commit cb6337329d3c858c695a7e56e2fc31d9d50ca3fe + * scd/apdu.c (CT_init, CT_data, CT_close): Remove. + (ct_error_string, ct_activate_card, close_ct_reader, reset_ct_reader) + (ct_get_status, ct_send_apdu, open_ct_reader): Remove. + (new_reader_slot) [NEED_PCSC_WRAPPER]: Remove fd and pid handling. + (writen, readn): Remove. + (pcsc_get_status, pcsc_send_apdu, control_pcsc, close_pcsc_reader) + (reset_pcsc_reader, open_pcsc_reader): Only DIRECT version. + (apdu_open_one_reader): Remove CT_api handling. + (apdu_get_status_internal, send_le): Fix to stop warnings. + + scd: Fix API of select_file/_path. + + commit 0703de01c8fbc417a99ecf8e950fc306b8c8ac9c + * scd/iso7816.c (iso7816_select_file, iso7816_select_path): Remove + unused arguments. + * scd/app-dinsig.c (do_readcert): Follow the change. + * scd/app-help.c (app_help_read_length_of_cert): Likewise. + * scd/app-nks.c (keygripstr_from_pk_file, do_readcert, do_readkey) + (switch_application): Likewise. + * scd/app-p15.c (select_and_read_binary, select_ef_by_path) + (micardo_mse, app_select_p15): Likewise. + * scd/app.c (app_new_register): Likewise. + + agent: For SSH, robustly handling scdaemon's errors. + + commit 4ce4f2f683a17be3ddb93729f3f25014a97934ad + * agent/command-ssh.c (card_key_list): Return 0 when + agent_card_serialno returns an error. + (ssh_handler_request_identities): Handle errors for card listing + and proceed to other cases. + +2017-03-03 Werner Koch <wk@gnupg.org> + + dirmngr: Fix commit de6d8313. 
+ + commit 67c203b6bf8d6dd489ceef3391f609986e7b7a49 + * dirmngr/http-common.c (get_default_keyserver): Fix assert. + +2017-03-03 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix scd_kick_the_loop. + + commit f9acc7d18bb90f47dafe7e32ae92f567756d6b12 + * scd/scdaemon.c (notify_fd): Remove. + (the_event) [W32]: New. + (main_thread_pid) [!W32]: New. + (handle_signal): Handle SIGCONT. + (scd_kick_the_loop): Use signal on UNIX and event on Windows. + (handle_connections): Likewise. + +2017-03-03 Werner Koch <wk@gnupg.org> + + gpg: Fix possible segv when attribute packets are filtered. + + commit 5f6f3f5cae8a95ed469129f9677782c17951dab3 + * g10/import.c (impex_filter_getval): Handle PKT_ATTRIBUTE the same as + PKT_USER_ID + (apply_drop_sig_filter): Ditto. + + gpg: Add new variables to the import and export filters. + + commit 1813f3be23bdab5a42070424c47cb8daa9d9e6b7 + * g10/import.c (impex_filter_getval): Add new variables "expired", + "revoked", and "disabled". + +2017-03-02 Werner Koch <wk@gnupg.org> + + tools: Fix compile error with older gcc versions. + + commit b1f48da02b474e985161aa2778d7b602a13c4292 + * tools/mime-parser.h: Include rfc822parse.h. + (struct rfc822parse_context): Remove duplicate definition. + + dirmngr: Rearrange files to fix de6d831. + + commit 1890896fe698c55d15160a53aa6c5c22dc424031 + * dirmngr/http-common.c: New. + * dirmngr/http-common.h: New. + * dirmngr/Makefile.am (dirmngr_SOURCES): Add them. + (t_http_SOURCES): Add them. + (t_ldap_parse_uri_SOURCES): Add them. + * dirmngr/misc.c (get_default_keyserver): Move to ... + * dirmngr/http-common.c: here. + * dirmngr/http.c: Include http-common.h instead of misc.h. + * dirmngr/http-ntbtls.c: Ditto. + + dirmngr: Let --gpgconf-list return the default keyserver. + + commit de6d8313f6df32aaa151bee74e1db269ac1e0fed + * dirmngr/misc.c (get_default_keyserver): New. + * dirmngr/http.c: Include misc.h + (http_session_new): Use get_default_keyserver instead of hardwired + "hkps.pool.sks-keyservers.net". 
+ * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. + * dirmngr/dirmngr.c (main) <aGPGCongList>: Return default keyserver. + +2017-03-02 Justus Winter <justus@g10code.com> + + gpg: Always initialize the trust db when generating keys. + + commit 0c4d0620d327e8a2069532a5519afefe867a47d6 + * g10/gpg.c (main): Always initialize the trust db when generating + keys. + * g10/keygen.c (do_generate_keypair): We can now assume that there is + a trust db. + + gpg: Fix (quick) key generation with --always-trust. + + commit 4735ab96aa5577d40ba7b3f72d863057198cc6a7 + * g10/keygen.c (do_generate_keypair): Only update the ownertrust if we + do have a trust database. + * g10/trustdb.c (have_trustdb): New function. + * g10/trustdb.h (have_trustdb): New prototype. + * tests/openpgp/quick-key-manipulation.scm: Remove workaround. + +2017-03-02 Werner Koch <wk@gnupg.org> + + agent: Improve error message for the KEYTOCARD command. + + commit d6f0f368763006abf08818bfefcd32ecedb5c20a + * agent/command.c (cmd_keytocard): Always use leave_cmd. Simplify + timestamp checking and do an early test with an appropriate error + message. + +2017-03-02 Justus Winter <justus@g10code.com> + + g10: Signal an error when trying to revoke non-existant UID. + + commit 62d21a4ab4029b32ea129f1cf3a0e1f22e2fb7b0 + * g10/keyedit.c (keyedit_quick_revuid): Signal an error when trying to + revoke non-existant UID. + * tests/openpgp/quick-key-manipulation.scm: Test that. + + tests: Log information about ssh, add comments to test. + + commit 74cb3b230c1f99afc5fd09bccc24186a63b154b0 + * tests/openpgp/ssh-import.scm (ssh-version-string): New variable, and + log the binary and version used in the test. + (ssh-supports?): Document how we test what algorithms are supported by + ssh, and log ssh-keygen's replies. + + common,tools: Always escape newlines when escaping data. + + commit e064c75b08a523f738108428fe0c417a46e66238 + * common/stringhelp.c (do_percent_escape): Always escape newlines. 
+ * tools/gpgconf-comp.c (gc_percent_escape): Likewise. + +2017-03-01 Werner Koch <wk@gnupg.org> + + Release 2.1.19. + + commit 4a28c212b35739ce951bd41cfc6ef1a215846b2e + + + build: Add kludge for "make distcheck" in a release build. + + commit 246b27921b5dc34f367d879402725784aaee2494 + * configure.ac: New option --enable-gnupg-builddir-envvar. + (ENABLE_GNUPG_BUILDDIR_ENVVAR): New ac_define. + * common/homedir.c (gnupg_set_builddir_from_env): Consider + ENABLE_GNUPG_BUILDDIR_ENVVAR. + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Rename to ... + (AM_DISTCHECK_CONFIGURE_FLAGS): this to be future proof. Add option + --enable-gnupg-builddir-envvar. + +2017-03-01 Yuri Chornoivan <yurchor@ukr.net> + + po: Update Ukrainian translation. + + commit c7f2a59833728e99e00449da2ddb10cf66693e7e + + +2017-03-01 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 280c724fe26bfd861ac74abc71e221795d8947f0 + + +2017-03-01 Werner Koch <wk@gnupg.org> + + gpg: Make --export-options work with --export-secret-keys. + + commit 891ab23411b7f20ef37d8bde81d9857b083235df + * g10/export.c (export_seckeys): Add arg OPTIONS and pass it to + do_export. + (export_secsubkeys): Ditto. + * g10/gpg.c (main): Pass opt.export_options to export_seckeys and + export_secsubkeys + + gpg: Allow creating keys using an existing ECC key. + + commit 2bbdeb8ee87a6c7ec211be16391a11b7c6030bed + * common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO. + Change to return the algo id. Reimplement using get_pk_algo_from_key. + * g10/keygen.c (check_keygrip): Adjust for change. + * sm/certreqgen-ui.c (check_keygrip): Ditto. + +2017-02-28 Werner Koch <wk@gnupg.org> + + gpg: Do not require a trustdb for decryption. + + commit e182542e90cbeff4f2ac6c8d71061356d7cdcdea + * g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE. + Change to return an error code. Change all callers to to pass False + for NO_CREATE. + (tdb_get_ownertrust): New arg NO_CREATE. 
Call init_trustdb to test + for a non-existing trustdb. Change all callers to to pass False for + NO_CREATE. + (tdb_get_min_ownertrust): Ditto. + * g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call + init_trustdb for a quick check. + (get_ownertrust_info): Add arg NO_CREATE. + (get_ownertrust_string): Ditto. + * g10/gpgv.c (get_ownertrust_info): Adjust stub. + * g10/test-stubs.c (get_ownertrust_info): Ditto. + * g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE + set. + * g10/pubkey-enc.c (get_it): Ditto. + +2017-02-28 Justus Winter <justus@g10code.com> + + gpgscm: Improve parsing. + + commit e4583ae14e52482ab390c102d071755f91ab211d + * tests/gpgscm/scheme.c (port_increment_current_line): Avoid creating + the same integer if the delta is zero. This happens a lot during + parsing, and puts pressure on the memory allocator. + + gpgscm: Fix calculating the line number. + + commit 058c97f9fc485405246b1adfcc905c1891550652 + * tests/gpgscm/scheme.c (opexe_5): Only increment the line number on + newlines. + + gpg,tools: Make auto-key-retrieve configurable via gpgconf. + + commit d379a0174cca595204b32da9a66c513a1304e6d0 + * g10/gpg.c (gpgconf_list): Add 'auto-key-retrieve'. + * tools/gpgconf-comp.c (gc_options_gpg): Likewise. + + tests: Improve support for gpgconf. + + commit 41900175cf046dd9abe3d7a6805f6a403d68df15 + * tests/openpgp/defs.scm: Improve high-level inteface to gpgconf. + * tests/openpgp/gpgconf.scm: Adapt. + * tests/openpgp/tofu.scm: Use it to select the trust model. + + gpg,tools: Make trust-model configurable via gpgconf. + + commit ebeccd73eb85f9027f0985d77dfe901266c6ddef + * g10/gpg.c (gpgconf_list): Add 'trust-model'. + * tools/gpgconf-comp.c (gc_options_gpg): Likewise. + + gpgscm: Track source locations in every kind of ports. + + commit 7cc57e2c63d0fa97569736419db5c76117e7685b + * tests/gpgscm/scheme-private.h (struct port): Move location + information out of the union. 
+ * tests/gpgscm/scheme.c (mark): All ports need marking now. + (gc): Likewise all ports on the load stack. + (port_clear_location): Adapt accordingly. Also, add an empty function + for !SHOW_ERROR_LINE. + (port_increment_current_line): Likewise. + (port_reset_current_line): Drop function in favor of... + (port_init_location): ... this new function. + (file_push): Simplify. + (file_pop): Likewise. + (port_rep_from_filename): Likewise. + (port_rep_from_file): Likewise. + (port_rep_from_string): Also initialize the location. + (port_rep_from_scratch): Likewise. + (port_close): Simplify and generalize. + (skipspace): Likewise. + (token): Likewise. + (_Error_1): Generalize. + (opexe_5): Likewise. + (scheme_deinit): Simplify and generalize. + (scheme_load_named_file): Likewise. + (scheme_load_string): Also initialize the location. + +2017-02-28 Werner Koch <wk@gnupg.org> + + gpgv,w32: Fix --status-fd. + + commit 8a67dc4c4324b617b5a3fea51c59c674488544d6 + * g10/gpgv.c (main): Use translate_sys2libc_fd_int for --status-fd. + + w32: Make pipes really pollable. + + commit 1192449207f41b26be8950b04df84a52c8a2a886 + * common/exectool.c (gnupg_exec_tool_stream) [W32]: Use _get_osfhandle + to print the fd for the command line. + * common/exechelp-w32.c (create_pipe_and_estream): Use es_sysopen so + that the streams are actually pollable. + +2017-02-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + dirmngr: Avoid warnings during non-ntbtls build. + + commit f5782e11a560fd590221042391254c810a42e45f + * dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not + using ntbtls. + + trustdb: Respect --quiet during --import-ownertrust. + + commit ddf01a67d6388d988f1db50a06facb21c14d9426 + * g10/tdbdump.c (import_ownertrust): If opt.quiet is set, do not send + log_info messages. + +2017-02-26 Manish Goregaokar <manish@mozilla.com> + + g10: fix typo. + + commit 64ec21bebd3f136722e608649906b59c6add6947 + I already have copyright assignment with the FSF for GDB. 
I don't + think I'll need to do the DCO thing. + +2017-02-24 Werner Koch <wk@gnupg.org> + + gpgv: New options --log-file and --debug. + + commit 7af5d61c6e210210c777be9e6e87720dd4a055d9 + * g10/gpgv.c (oLoggerFile, oDebug): New consts. + (opts): Add options --log-file and --debug. + (main): Implement options. + +2017-02-24 Andre Heinecke <aheinecke@intevation.de> + + speedo,w32: Fix gpg-wks-client installation. + + commit 49b4a676148523b51beca3ae929e9d78ed7ba110 + * build-aux/speedo/w32/inst.nsi: gpg-wks-client is an exe. + +2017-02-23 Werner Koch <wk@gnupg.org> + + dirmngr: Add new debug flag "extprog" + + commit 22b69b9edfdf6e6172239cbd1075ffe29077d339 + * dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros. + * dirmngr/dirmngr.c (debug_flags): Add flag "extprog". + (handle_connections): Use a macro instead of -1 for an invalid socket. + * dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call. + + wks: Make sure that the draft 2 request is correctly detected. + + commit d30e17ac62dea8913b7f353971d546b6b1a09bd5 + * tools/gpg-wks.h (WKS_DRAFT_VERSION): New. + * tools/wks-receive.c (new_part): Move test wks draft version to ... + (t2body): new callback. + (wks_receive): Register this callback. + * tools/gpg-wks-server.c (send_confirmation_request): Emit draft + version header. + (send_congratulation_message): Ditto. + * tools/gpg-wks-client.c (decrypt_stream_parm_s): New. + (decrypt_stream_status_cb): Check DECRYTPION_KEY status. + (decrypt_stream): Get infor from new callback. + (process_confirmation_request): New arg 'mainfpr'. Check that it + matches the decryption key. + (read_confirmation_request): Check that the decryption key has been + generated by us. + (command_send): Use macro from draft version header. + (send_confirmation_response): Emit draft version header. + + wks: New callback for the mime parser. + + commit a2090250829fe8989be2afc8cf41ba2a022072fc + * tools/mime-parser.c (mime_parser_context_s): New field 't2body'. 
+ (parse_message_cb): Call that callback. + (mime_parser_set_t2body): New. + + gpg: Emit new status DECRYPTION_KEY. + + commit effa80e0b5fd8cf9e31a984afe391c2406edee8b + * common/status.h (STATUS_DECRYPTION_KEY): New. + * g10/pubkey-enc.c (get_it): Emit that status. + + dirmngr,w32: Make https with ntbtls work. + + commit a42bf00b4edce789999aa3bdfce235cf726463ae + * dirmngr/http.c (simple_cookie_functions): New. + (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. + (cookie_read): Factor some code out to ... + (read_server): new. + (simple_cookie_read, simple_cookie_write) [W32]: New. + +2017-02-22 Werner Koch <wk@gnupg.org> + + scd,agent: Improve the OpenPGP PIN prompt texts. + + commit f98c8cb013033c08e98ebedcc0e084fbd2a85b0c + * scd/app-openpgp.c (get_prompt_info): Change texts. + * agent/call-pinentry.c (struct entry_features): New. + (getinfo_features_cb): New. + (start_pinentry): Set new fucntion as status callback. + (build_cmd_setdesc): New. Replace all snprintf for SETDESC by this + one. + +2017-02-22 Andre Heinecke <aheinecke@intevation.de> + + scd: Nitpicks on the improved card prompts. + + commit 143ca039e1e81140ae520cc1025f8e25c01acc80 + * src/app-openpgp.c (get_prompt_info): Change wording and order + slightly. + +2017-02-22 Werner Koch <wk@gnupg.org> + + scd: Improve the prompts for OpenPGP cards. + + commit e3944f34e3220f96fb1be449eb6f3d7360bc2d0b + * scd/app-openpgp.c (get_disp_name): New. + (get_disp_serialno): New. + (get_prompt_info): New. + (build_enter_admin_pin_prompt): Rework the prompt texts. Factor some + code out to ... + (get_remaining_tries): New. + (verify_a_chv): Print a remaining counter also for the standard PIN. + Rework the prompt texts. + + * agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial + no. + + agent: Prepend the description to a PIN prompt. + + commit 6488ffb767733a2cf92ca5ba3e61fc0c53e0f673 + * agent/divert-scd.c (has_percent0A_suffix): New. + (getpin_cb): Prepend DESC_TEXT to the prompt. 
+ * agent/findkey.c (modify_description): Rename to ... + (agent_modify_description): this. MAke global. Add kludge to remove + empty parentheses from the end. + (agent_key_from_file, agent_delete_key): Adjust for above change. + * agent/pksign.c (agent_pksign_do): Modify DESC_TEXT also when + diverting to a card. + + agent: Prepare to pass an additional parameter to the getpin callback. + + commit 78d875a0f83bc046279b951aea76cd74f3c44fd8 + * agent/call-scd.c (writekey_parm_s, inq_needpin_s): Merge into ... + (inq_needpin_parm_s): new struct. Add new field 'getpin_cb_desc'. + Change users to set all fields. + (inq_needpin): Pass GETPIN_CB_DESC to the GETPIN_CB. + (agent_card_pksign): Add arg 'desc_text' and change arg 'getpin_cb' to + take an additional arg 'desc_text'. + (agent_card_pkdecrypt): Ditto. + (agent_card_writekey): Change arg 'getpin_cb' to take an additional + arg 'desc_text'. + (agent_card_scd): Ditto. + * agent/divert-scd.c (getpin_cb): Add new arg 'desc_text'. + (divert_pksign): Add new arg 'desc_text' and pass is to + agent_card_pksign. + (divert_pkdecrypt): Add new arg 'desc_text' and pass is to + agent_card_pkdecrypt. + * agent/pkdecrypt.c (agent_pkdecrypt): Pass DESC_TEXT to + divert_pkdecrypt. + * agent/pksign.c (agent_pksign_do): Pass DESC_TEXT to + divert_pksign. + +2017-02-22 NIIBE Yutaka <gniibe@fsij.org> + + tests: No spelling fix for test text. + + commit ef424353f342f80ca6d18ede8b63c1b02215d105 + * tests/openpgp/verify.scm (msg_ed25519_rshort): Revert the spelling + fix. + +2017-02-21 Werner Koch <wk@gnupg.org> + + dirmngr: Add special treatment for the standard hkps pool to ntbtls. + + commit 831d014550863026dfefa774c961a21bd20c1e48 + * dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove + (VALIDATE_FLAG_EXTRATRUST): Remove + (VALIDATE_FLAG_TRUST_SYSTEM): New. + (VALIDATE_FLAG_TRUST_CONFIG): New. + (VALIDATE_FLAG_TRUST_HKP): New. + (VALIDATE_FLAG_TRUST_HKPSPOOL): New. + (VALIDATE_FLAG_MASK_TRUST): New. 
+ * dirmngr/validate.c (check_header_constants): New. + (validate_cert_chain): Call new function. Simplify call to + is_trusted_cert. + * dirmngr/crlcache.c (crl_parse_insert): Pass + VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain + * dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and + VALIDATE_FLAG_TRUST_CONFIG. + * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS + context. Set trustclass flags using the new VALIDATE_FLAG_TRUST + values. + + * dirmngr/certcache.c (cert_cache_init): Load the standard pool + certificate prior to the --hkp-cacerts. + + dirmngr: Load --hkp-cacert values into the certificate cache. + + commit d1625a9a82b1e5d96bbbf2132c49c53108565ae1 + * dirmngr/dirmngr.c (hkp_cacert_filenames): New var. + (parse_rereadable_options): Store filenames from --hkp-cacert in the + new var. + (main, dirmngr_sighup_action): Pass that var to cert_cache_init. + * dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load + those certs. + (load_certs_from_file): Use autodetect so that PEM and DER encodings + are possible. + + dirmngr: Load "sks-keyservers.netCA.pem" into the cache. + + commit 9741aa24d9056b56cd5366ff5379bd8a3e6118df + * dirmngr/certcache.c (load_certs_from_file): Always build this + function. Add args 'trustclasses' and 'no_error'. Pass TRUSTCLASSES + to put_cert. + (load_certs_from_system): Pass CERTTRUST_CLASS_SYSTEM to + load_certs_from_file. + (cert_cache_init): Try to load "sks-keyservers.netCA.pem". Don't make + function fail in an out-of-core condition. + + dirmngr: Implement trust classes for the cert cache. + + commit 50b9828eacc39c1ca75cb8313db896e4bdc8b270 + * dirmngr/certcache.h (CERTTRUST_CLASS_SYSTEM): New. + (CERTTRUST_CLASS_CONFIG): New. + (CERTTRUST_CLASS_HKP): New. + (CERTTRUST_CLASS_HKPSPOOL): New. + * dirmngr/certcache.c (MAX_EXTRA_CACHED_CERTS): Rename to ... + (MAX_NONPERM_CACHED_CERTS): this. + (total_extra_certificates): Rename to ... + (total_nonperm_certificates): this. 
+ (total_config_certificates): Remove. + (total_trusted_certificates): Remove. + (total_system_trusted_certificates): Remove. + (cert_item_s): Remove field 'flags'. Add fields 'permanent' and + 'trustclasses'. + (clean_cache_slot): Clear new fields. + (put_cert): Change for new cert_item_t structure. + (load_certs_from_dir): Rename arg 'are_trusted' to 'trustclass' + (load_certs_from_file): Use CERTTRUST_CLASS_ value for put_cert. + (load_certs_from_w32_store): Ditto. + (cert_cache_init): Ditto. + (cert_cache_print_stats): Rewrite. + (is_trusted_cert): Replace arg 'with_systrust' by 'trustclasses'. + Chnage the test. + * dirmngr/validate.c (allowed_ca): Pass CERTTRUST_CLASS_CONFIG to + is_trusted_cert. + (validate_cert_chain): Pass CERTTRUST_CLASS_ values to + is_trusted_cert. + + dirmngr: New Assuan option "http-crl". + + commit 493c142e582ff5ef1b5fdfcb9653715ef43e83e9 + * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. + * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. + * dirmngr/server.c (option_handler): New option "http-crl" + * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. + * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. + * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + + * dirmngr/t-http.c (main): New option --no-crl. + + dirmngr: Add a magic field to the http structs. + + commit 39c745038181edd097e188434b3f9c971ed3987f + * dirmngr/http.c (HTTP_SESSION_MAGIC): New. + (http_session_s): New field 'magic'. + (HTTP_CONTEXT_MAGIC): New. + (http_context_s): New field 'magic'. + (my_ntbtls_verify_cb): Assert MAGIC. + (fp_onclose_notification): Ditto. + (session_unref): Ditto. Reset MAGIC. + (http_session_new): Set MAGIC. + (http_open): Ditto. + (http_raw_connect): Ditto. + (http_close): Assert MAGIC. Reset MAGIC. + + * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. 
+ +2017-02-21 NIIBE Yutaka <gniibe@fsij.org> + + g10: Support primary key generation by keygrip. + + commit 3fc69224b7b22ad1df1395ebcb21549384839cd1 + * g10/keygen.c (para_name): Add pKEYGRIP. + (generate_keypair): Use pKEYGRIP for key generation. + (do_generate_keypair): Call do_create_from_keygrip with pKEYGRIP. + +2017-02-20 Werner Koch <wk@gnupg.org> + + dirmngr: Setup a log handler for ntbtls. + + commit a022baa4a487eec769411255a64088450c4c8a49 + * dirmngr/dirmngr.c (my_ntbtls_log_handler) [HTTP_USE_NTBTLS]: New. + (main) [HTTP_USE_NTBTLS]: Register log handler. + + common: New function log_logv_with_prefix. + + commit 3e9512e557d95c7dc36835365b127b25f6a5cdd9 + * common/logging.c (do_logv): Add arg 'prefmt' and print it. Chnage + call callers to pass NULL. + (log_logv_with_prefix): New. + + dirmngr.c: Make http.c build without any TLS support. + + commit e174893262d8de0f52faa8abe4fc0402719a35d8 + * dirmngr/http.c (http_session_new): Remove used of tls_prority. + + dirmngr: Make t-http.c work again with gnutls - second try. + + commit 81ea24b8637ac08e44e9e44816689413c2ae7e08 + * dirmngr/t-http.c: Always include ksba.h. + + dirmngr: Make t-http.c work again with gnutls. + + commit f923873863fd863d71349f20f5568f80aecc020b + * dirmngr/Makefile.am (t_http_CFLAGS, t_http_LDADD): Add KSBA flags + and libs. + +2017-02-19 Werner Koch <wk@gnupg.org> + + dirmngr: First take on ntbtls cert verification. + + commit 64fffd0ce2a4fd9cba152cf07497b585410cc652 + * dirmngr/http-ntbtls.c: New. + * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. + * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. + (server_conrol_s): Add field 'magic', + * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. + (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. + * dirmngr/http.c (my_ntbtls_verify_cb): New. + (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. + (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call + the verify callback after the handshake. 
+ * dirmngr/ks-engine-hkp.c (send_request): Pass + gnupg_http_tls_verify_cb to http_session_new. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + + * dirmngr/t-http.c (my_http_tls_verify_cb): New. + (main): Rename option --gnutls-debug to --tls-debug. + (main) [HTTP_USE_NTBTLS]: Create a session. + +2017-02-18 Werner Koch <wk@gnupg.org> + + dirmngr: Add per-session verify callback to http.c. + + commit a74902cccde539ee2bd216caec0da6eb54b67c1b + * dirmngr/http.h (http_verify_cb_t): New type. + * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and + verify_cb_value. + (http_session_new): Remove arg tls_priority. Add args verify_cb and + verify-cb_value. Store them in the session object. + (send_request): Use per-session verify callback. + (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return + GPG_ERR_NOT_IMPLEMENTED. + * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed + http_session_new. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + * dirmngr/t-http.c (main): Ditto. + + * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. + +2017-02-17 Werner Koch <wk@gnupg.org> + + dirmngr: Strip the default https port from the Host: header. + + commit cd32ebd152a522e362469ab969d91f8d49f28a60 + * dirmngr/http.c (send_request): Strip the default https port. + + dirmngr: Add option --no-crl to the VALIDATE cmd. + + commit f07811ee2c0a8044551e2ec063eda61cff7f6e39 + * dirmngr/validate.h: Remove enums VALIDATE_MODE_*. + (VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST) + (VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE) + (VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS) + (VALIDATE_FLAG_NOCRLCHECK): New constants. + * dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to + 'flags'. Change code accordingly. Remove NO-CRL in TLS mode kludge. + * dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for + the validate_cert_chain call. + * dirmngr/server.c (cmd_validate): Ditto. Add new option --no-crl. 
+ + dirmngr: Add options --tls and --systrust to the VALIDATE cmd. + + commit 070211eb990f5ea41271eba432b6a6b485cef7c7 + * dirmngr/certcache.h (certlist_s, certlist_t): New. + * dirmngr/certcache.c (read_certlist_from_stream): New. + (release_certlist): New. + * dirmngr/server.c (MAX_CERTLIST_LENGTH): New. + (cmd_validate): Add options --tls and --systrust. Implement them + using a kludge for now. + * dirmngr/validate.c (validate_cert_chain): Support systrust + checking. Add kludge to disable the CRL checking for tls mode. + + dirmngr: Remove use of hardcoded numbers in validate. + + commit ed99af030d19305dd7cd41c41ac581306cb91fd5 + * dirmngr/validate.c (enum cert_usage_modes): New. + (cert_usage_p): Change type of arg MODE. Use enums instead of + hardwired values. Use a switch instead of tricky bit tests. + (cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust. + + * dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage. + (cert_use_cert_p): Rename to check_cert_use_cert. + (cert_use_ocsp_p): Rename to check_cert_use_ocsp. + (cert_use_crl_p): Rename to check_cert_use_crl. + + * dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New. + (VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New. + +2017-02-17 NIIBE Yutaka <gniibe@fsij.org> + + agent: No cards is not an error. + + commit dea4b3c742acbd195d6ab12b279b4dda315f2582 + * agent/command-ssh.c (card_key_list): Care the case of no cards. + + agent: Send back all public keys for available cards. + + commit 3f4f64b6ac0d7160fd9e1301f95820894b219c3f + * agent/call-scd.c (card_cardlist_cb, agent_card_cardlist): New. + * agent/command-ssh.c (card_key_list): New. + (ssh_handler_request_identities): Call card_key_list and loop for the + list to send public keys for all available cards. + +2017-02-17 Justus Winter <justus@g10code.com> + + gpgscm: Guard use of tagged expressions. 
+ + commit aab6ba0bb60528b9e816e430be51170cf39611b0 + * tests/gpgscm/init.scm (vm-history-print): Check that the tag added + to expressions when parsing source files matches the expected format. + * tests/gpgscm/lib.scm (assert): Likewise. + +2017-02-17 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix RESET command handling (more). + + commit 99d4dfe83661d05ef3a20ed04e6cec5647536738 + * scd/app-common.h (struct app_ctx_s): Add reset_requested. + * scd/app.c (app_reset): Locking APP, set reset_requested. + (deallocate_app): Release the lock. + (release_application): Add LOCKED_ALREADY argument. + (scd_update_reader_status_file): Hold the lock when accessing APP. + When reset_requested is set, close the reader and deallocate APP. + * scd/command.c (open_card_with_request, cmd_restart): Follow the + change of release_application. + (send_client_notifications): Here it calls release_application holding + the lock. + +2017-02-16 Werner Koch <wk@gnupg.org> + + dirmngr,w32: Load all system provided certificates. + + commit 7006352da773d82c47797bbf11e570ecafac6501 + * dirmngr/certcache.c (CERTOPENSYSTEMSTORE) [W32]: New type. + (CERTENUMCERTIFICATESINSTORE) [W32]: New type. + (CERTCLOSESTORE) [W32]: New type. + (load_certs_from_file) [W32]: Do not build. + (load_certs_from_w32_store) [W32]: New. + (load_certs_from_system) [W32]: Call new function. + + dirmngr: Load all system provided certificates. + + commit 9a1a5ca0bc2cfb17ccf632de3e134b6d789c6855 + * configure.ac: Add option --default-trust-store. + (DEFAULT_TRUST_STORE_FILE): New ac_define. + * dirmngr/certcache.c: Include ksba-io-support.h. + (total_trusted_certificates, total_system_trusted_certificates): New. + (put_cert): Manage the new counters. + (cert_cache_deinit): Reset them. + (cert_cache_print_stats): Print them. + (is_trusted_cert): Add arg WITH_SYSTRUST. Change all callers to pass + false. + (load_certs_from_file): New. + (load_certs_from_system): New. + (cert_cache_init): Load system certificates. 
+ + common: Rename remaining symbols in ksba-io-support. + + commit e1dfd862367cf91b66abe86bd73664409354bb14 + * common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ... + (gnupg_ksba_reader_eof_seen): this. Change all callers. + (gpgsm_destroy_reader): Rename to ... + (gnupg_ksba_destroy_reader): this. Change all callers. + (gpgsm_finish_writer): Rename to ... + (gnupg_ksba_finish_writer): this. Change all callers. + (gpgsm_destroy_writer): Rename to ... + (gnupg_ksba_destroy_writer): this. Change all callers. + * common/ksba-io-support.c (struct base64_context_s): Rename to ... + (gnupg_ksba_io_s): this. + * common/ksba-io-support.h (base64_context_s): Ditto. + (Base64Context): Rename this typedef to ... + (gnupg_ksba_io_t): this. Change all users. + + common: Remove gpgsm dependencies from ksba-io-support. + + commit 28c31524be84f20b34573c78bd3a94a81e4b1d61 + * common/ksba-io-support.c: Include ksba-io-support.h instead of + ../sm/gpgsm.h. Include util.h. + (writer_cb_parm_s): Remove const from 'pem_name'. + (gpgsm_destroy_writer): Free 'pem_name'. + (gpgsm_create_reader): Rename to ... + (gnupg_ksba_create_reader): this. Replace args CTRL and + ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate + FLAGS. Change all callers to pass the FLAGS. + (gpgsm_create_writer): Rename to ... + (gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS. + Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change + all callers to pass the FLAGS and PEM_NAME. + + common: Change license of ksba-io-support.c. + + commit 919e76b407ac557b0f518ec03f3cc59e9e5740c9 + * common/ksba-io-support.c: Change from GPLv3+ to LGPLv3+/GPLv2+. + + sm,common: Move ksba reader and writer support to common/. + + commit 04bfa6fe6597b8ffcec61cbcacdc7eb137444e80 + * sm/base64.c: Rename to ... + * common/ksba-io-support.c: this. + * common/ksba-io-support.h: New. + * common/Makefile.am (common_sources): Add new files. 
+ * sm/Makefile.am (gpgsm_SOURCES): Remove base64.c + + dirmngr: Prepare certcache for forthcoming changes. + + commit 5c4e67afd6385b48065de6a0f2dd0bfd936ab90b + * dirmngr/certcache.c (cert_item_s): Rename 'flags.loaded' to + 'flags.config'. Add 'flags.systrust'. + (total_loaded_certificates): Rename to total_config_certificates. + (put_cert): Rename args for clarity. Set SYSTRUST flag. + (load_certs_from_dir): Make sure put_cert does not set the SYSTRUST + flag. + + dirmngr: Replace stpcpy chains by strconcat. + + commit aef60abe6a1772e18634984a94bd70f57d57ccdd + * dirmngr/certcache.c (find_cert_bysn): Use strconcat. + (find_cert_bysubject): Ditto. + * dirmngr/http.c (store_header): Ditto. + * dirmngr/ldap.c (make_url): Ditto. + * dirmngr/server.c (get_cert_local_ski): Ditto. + (do_get_cert_local): Use xstrconcat. + +2017-02-16 NIIBE Yutaka <gniibe@fsij.org> + + scd: Minor fixes to silence compiler warnings. + + commit 7a666ccb44f43c4efbaa51c1ca16fc0b37c3399d + * scd/app.c (app_reset): Initialize ERR. + * scd/scdaemon.c (scd_kick_the_loop, handle_connections): Catch the + return value. + +2017-02-15 Werner Koch <wk@gnupg.org> + + libdns: Workaround for bracketed numerical addresses. + + commit a3509e12b6626a585ce7da6ceed8cfddcba2460f + * dirmngr/dns-stuff.c (resolve_name_libdns): Work around an + incompatibility between the glibc resolver and libdns. + + dirmngr: Do PTR lookups only for 'keyserver --hosttable'. + + commit a75325faf163275674a91971e75f1018035ca348 + * dirmngr/ks-engine-hkp.c (hostinfo_s): Remove fields v4addr and + v5addr and add fields iporname and iporname_valid. + (create_new_hostinfo): Clear them. + (add_host): Remove the code to set the v4addr and v6addr fields. + (ks_hkp_print_hosttable): Remove printing of the fields. Compute the + iporname field and display it. + (ks_hkp_reload): Force re-computing of the iporname field in + ks_hkp_print_hosttable. + + dirmngr: Avoid PTR lookup for hosts in a pool. 
+ + commit da2ba20868093e3054d18adc2b1bc56cb23e4ba7 + * dirmngr/ks-engine-hkp.c (add_host): Don't to a PTR lookup for hosts + in a pool. + +2017-02-15 Justus Winter <justus@g10code.com> + + tests,build: Fix distcheck. + + commit 2f7b6cb279ea0ee27364fbb2b12df47e76166a39 + * tests/gpgscm/Makefile.am (EXTRA_DIST): Add 'time.scm'. + + tests: Test and document other ways to create keys. + + commit 90d383f1eb07fc823518dea10eb15ca390f5cf8e + * doc/gpg.texi: Clarify usage and expiration arguments for key + generation. + * tests/openpgp/quick-key-manipulation.scm: Test all variants. + + tests: Check expiration times of created keys. + + commit 127e1e532da4083ccd3c307555b6177fab16f408 + * tests/gpgscm/ffi.c (do_get_time): New function. + (ffi_init): Expose new function. + * tests/gpgscm/ffi.scm (get-time): Document new function. + * tests/gpgscm/time.scm: New file. + * tests/openpgp/quick-key-manipulation.scm: Use the new facilities to + check the expiration times of created keys. + * tests/openpgp/tofu.scm: Use the new module. + +2017-02-15 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix RESET command handling. + + commit e2792813a55e091c51be7b1b089a71beb6466f1d + * scd/app.c (release_application_internal): Remove. + (release_application): Merge release_application_internal. + (app_reset): Kick the loop and let close the reader. Sleep is + required here to wait closing. + (scd_update_reader_status_file): When APP is no use, close it. + +2017-02-14 Werner Koch <wk@gnupg.org> + + gpg: Make --export-ssh-key work for the primary key. + + commit b456e5be91dc064fc9509ea86edab113721ed299 + * g10/export.c (export_ssh_key): Also check the primary key. + +2017-02-13 Werner Koch <wk@gnupg.org> + + dirmngr: Do a DNS lookup even if it is missing from nsswitch.conf. + + commit dee026d761ae3d7594c3dbc5b3fa842df53cc189 + * dirmngr/dns-stuff.c (libdns_init): Do not print error message for a + missing nsswitch.conf. Make sure that tehre is a DNS entry. 
+ + gpgconf: No ENOENT warning with --change-options et al. + + commit 30dac0486b6357e84fbe79c612eea940b654e4d1 + * tools/gpgconf-comp.c (retrieve_options_from_program): Check ERRNO + before printing a warning. + + gpg: Print a warning if no command has been given. + + commit 810adfd47801fc01e45fb71af9f05c91f7890cdb + * g10/gpg.c (main): Print in the default case. + +2017-02-13 Justus Winter <justus@g10code.com> + + g13: Fix build on macOS. + + commit f8ce31a7bf1ee85e5010b628a66e6f69486e5213 + * g13/Makefile.am (t_common_ldadd): Add iconv. + +2017-02-13 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix use case of PC/SC. + + commit da4c132cca2c6df81243c9660b7348268a848f88 + * scd/apdu.c (apdu_open_reader): Add an argument APP_EMPTY. + When CCID driver fails to open, try PC/SC if APP is nothing. + * scd/app.c (select_application): Supply arg if APP is nothing. + +2017-02-10 Werner Koch <wk@gnupg.org> + + gpg: Fix memory leak in the error case of signature creation. + + commit 5996c7bf99f3a681393fd9589276399ebc956cff + * g10/sign.c (write_signature_packets): Free SIG. Also replace + xcalloc by xtrycalloc. + +2017-02-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + common: Avoid warning about implicit declaration of gnupg_fd_valid. + + commit 8810314e377a9cb6612150a57cf99260ed0bb9f6 + * common/logging.c: Add #include "sysutils.h". + +2017-02-08 Justus Winter <justus@g10code.com> + + gpg,common: Make sure that all fd given are valid. + + commit 6823ed46584e753de3aba48a00ab738ab009a860 + * common/sysutils.c (gnupg_fd_valid): New function. + * common/sysutils.h (gnupg_fd_valid): New declaration. + * common/logging.c (log_set_file): Use the new function. + * g10/cpr.c (set_status_fd): Likewise. + * g10/gpg.c (main): Likewise. + * g10/keylist.c (read_sessionkey_from_fd): Likewise. + * g10/passphrase.c (set_attrib_fd): Likewise. + * tests/openpgp/Makefile.am (XTESTS): Add the new test. + * tests/openpgp/issue2941.scm: New file. 
+ +2017-02-07 Justus Winter <justus@g10code.com> + + tests: Skip key types not supported by OpenSSH. + + commit 56aa85f88f6b35fb03a2dc1a95882d49a74290e3 + * tests/openpgp/ssh-import.scm (path): New variable. + (ssh,ssh-keygen,ssh-version,ssh-supports?): Likewise. + +2017-02-07 Werner Koch <wk@gnupg.org> + + wks: Add WKS-Phase headers to the server messages. + + commit b30ac663cec82c89ca9a3e87e65b36d2552f1533 + * tools/gpg-wks-server.c (send_confirmation_request): Add custom + header. + (send_congratulation_message): Ditto. + +2017-02-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + po: Manual updates of nl translation. + + commit aa3f08794bfc809821e2fc30a09a5ae23925c645 + * po/nl.po: Apply several minor manual cleanups to nl.po that were + previously applied to all the other localizations. + + po: Copied missing nl.po translation from the 2.0 branch. + + commit 8a9d4b55b09d04482b46055f0a60f01b86738df3 + * po/nl.po: Copy from 2.0 branch. + + gpg: Fix aliases --list-key, --list-sig, and --check-sig. + + commit f31120a5aa40b6e4e89d41d1d5d34e0f7da173b4 + * g10/gpg.c (opts): Define commands with ARGPARSE_c + instead of ARGPARSE_s_n. + +2017-02-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + doc: Clarify abbreviation of --help. + + commit f2b276dffbe2435b17abf2b3c51684d3636f3f11 + * doc/gpg.texi: clarify abbreviation of --help. + +2017-02-03 Werner Koch <wk@gnupg.org> + + agent: Tell pinentry the hostname the agent is running on. + + commit 042fe711c76f6377cedb8f83a73ba386cee34bb7 + * agent/call-pinentry.c [!W32]: Incluse utsname.h + (start_pinentry): Pass nodename to OPTION/owner. + + agent: Tell the Pinentry the client's pid. + + commit 309f464a5952c7d7504b875bf4853914b1242346 + * configure.ac: Check for SO_PEERCRED et al. + * agent/agent.h (server_control_s): Add field 'client_pid'. + * agent/command.c (start_command_handler): Set CLIENT_PID. + * agent/command-ssh.c (get_client_pid): New. + (start_command_handler_ssh): Set CLIENT_PID. 
+ * agent/call-pinentry.c (start_pinentry): Tell Pinentry the client-pid. + + gpg: More diagnostics for a launched pinentry. + + commit 7052a0d77cf8f3a445b252a809d29be445788625 + * agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo. + * g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so + that we do not change the code when adding new fields to + PINENTRY_LAUNCHED. + +2017-02-02 Neal H. Walfield <neal@g10code.com> + + gpg: Don't assume that strtoul interprets "" as 0. + + commit 407f5f9baea5591f148974240a87dfb43e5efef3 + * g10/tofu.c (show_statistics): If there are not records, return 0 + instead of NULL. + + tests: Improve description of test. + + commit 64be8e1e8607944687f3ae45ec64aa30bf4fdf6f + * tests/openpgp/issue2929.scm: Improve description of test. + + Revert "Revert "tests: Add test demonstrating issue2929."" + + commit e596b21f4b78dd27489e677699cc4ba648051b3f + This reverts commit 59048b0f1aa77313573a1004cd3a9f02692a7521. + + gpg: Ensure TOFU bindings associated with UTKs are registered as usual. + + commit 769272ba87f282a69e8d5f9bb27c86e6bec4496b + * g10/tofu.c (get_trust): Call get_policy before short-circuiting the + policy lookup for ultimately trusted keys to make sure the binding is + added to the bindings table, if necessary. + + gpg: If there is a TOFU conflict, elide the too few message warning. + + commit a08c781739e7561093f32b732c4991f2bd817ec2 + * g10/tofu.c (tofu_get_validity): If there was a conflict, don't also + print out a warning about too few messages. + + gpg: Only print out TOFU statistics for conflicts in interactive mode. + + commit 027b81b35fe36692005b8dba22d9eb2db05e8c80 + * g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP. If + they are not NULL, return the policy and conflict set (if there is + one), respectively. Update callers. If MAY_ASK is FALSE, don't print + out the statistics. 
+ (tofu_register_encryption): If there is a conflict and we haven't yet + printed the statistics about the conflicting bindings, do so now. + (tofu_get_validity): Likewise. + + gpg: Add newline to output. + + commit 74268180e5a3acc827f3a369f1fe5971f3bbe285 + * g10/tofu.c (ask_about_binding): Add newline to output. + + gpg: Remove period at end of warning. + + commit 6f9d8a956b2ca0f5a0eb7acc656fc17af2f2de47 + * g10/tofu.c (tofu_register_encryption): Remove period at end of + warning. + +2017-02-01 Werner Koch <wk@gnupg.org> + + dirmngr: New option --no-use-tor and internal changes. + + commit 7440119e729d3fdedda8a9b44b70f8959beea8d7 + * dirmngr/dns-stuff.c (disable_dns_tormode): New. + * dirmngr/dirmngr.c (oNoUseTor): New const. + (opts): New option --no-use-tor. + (tor_mode): New var. + (parse_rereadable_options): Change to use TOR_MODE. + (dirmngr_use_tor): New. + (set_tor_mode): Call disable_dns_tormode. Implement oNoUseTor. + * dirmngr/dirmngr.h (opt): Remove field 'use_tor'. Replace all + references by a call to dirmngr_use_tor(). + * dirmngr/server.c (cmd_getinfo): Distinguish between default and + enforced TOR_MODE. + +2017-02-01 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix regression tracking the connection count. + + commit 8ddc9268f6aedef0e178b174b89245c33d8189dd + * scd/scdaemon.c (get_active_connection_count): New. + (start_connection_thread): Bump ACTIVE_CONNECTIONS up and down. + * scd/command.c (cmd_getinfo): Add subcommand "connections". + +2017-01-31 Justus Winter <justus@g10code.com> + + gpgscm: Tune the hash tables. + + commit 2e78aa6ff770849415f8eb71ca70c8886e9564c8 + * tests/gpgscm/scheme.c (oblist_initial_value): Increase the size of + the hash table based on the number of symbols used after initializing + the interpreter. + (new_frame_in_env): Increase the size of the hash table based on the + number of variables in the global environement. + + gpgscm: Optimize environment lookups and insertions. 
+ + commit b85d509a8f5c2e6200b8051ca1593c019abce90b + * tests/gpgscm/scheme.c (pointercmp): New function. + (new_slot_spec_in_env): Add and use slot for insertions. + (find_slot_spec_in_env): New variant of 'find_slot_in_env' that + returns the slot on failures. + (find_slot_in_env): Express using the new function. + (new_slot_in_env): Update callsite. + (opexe_0): Optimize lookup-or-insert. + (opexe_1): Likewise. + (scheme_define): Likewise. + + gpgscm: Fix build with list environments. + + commit 874424ee3cc795eae9972b6259a2cc4dcdbb868e + * tests/gpgscm/scheme.c (new_slot_spec_in_env): Provide preallocation + inforomation if USE_ALIST_ENV. + + gpgscm: Optimize symbol lookups and insertions. + + commit cea6d114b60deaecfbc2eb1aedbdfb7e6700922f + * tests/gpgscm/scheme.c (oblist_find_by_name): Keep the list of + symbols sorted, return the slot where a new symbol must be inserted on + lookup failures. + (oblist_add_by_name): Add the new symbol at the given slot. + (mk_symbol): Adjust callsite. + (gensym): Likewise. + (assign_syntax): Likewise. + + gpgscm: Fix build with object list. + + commit 8f0ecb16cbb3798ad18be5f05b826db2aa1aaa00 + * tests/gpgscm/scheme.c (oblist_add_by_name): Provide preallocation + information if USE_OBJECT_LIST. + + gpgscm: Remove unused functions. + + commit 2076cdaf6b93bc73223819895cc7a67323d8cee7 + * tests/gpgscm/scheme.c (check_cell_alloced): Remove function. + (check_range_alloced): Likewise. + +2017-01-31 Werner Koch <wk@gnupg.org> + + dirmngr: Require --allow-version-check even if --use-tor is used. + + commit b0e8376e19072ec3c590273c69ab3e8e5edfdaca + * dirmngr/dirmngr.c (housekeeping_thread): Load swdb only if the + option is set. + +2017-01-31 NIIBE Yutaka <gniibe@fsij.org> + + scd: Remove --debug-disable-ticker option. + + commit e17fa5c75d76af4d4684ee810cb446ecd5110560 + * scd/scdaemon.c (ticker_disabled): Remove. + (handle_tick, need_tick): Remove. + (handle_connections): Don't check ticker_disabled. 
+ + scd: Fix SERIALNO for multiple devices. + + commit f08d37af049bf1718b301644020658dd2bb07638 + * scd/app.c (select_application): Fix the logic if periodical check is + needed. If it is needed for newly found device(s), kick the loop. + (scd_update_reader_status_file): Return value if select(2) should be + called with timeout. + * scd/ccid-driver.c (ccid_require_get_status): Don't return 0 for + token with no interrupt transfer for now. + * scd/command.c (open_card_with_request): Fix scan by SERIALNO. + * scd/scdaemon.c (update_usb): Remove. + (handle_connections): Evaluate need_tick after handle_tick. + +2017-01-30 Justus Winter <justus@g10code.com> + + gpgscm: Use a compact vector representation. + + commit 49e2ae65e892f93be7f87cfaae3392b50a99e4b1 + * tests/gpgscm/scheme-private.h (struct cell): Add a compact vector + representation. + * tests/gpgscm/scheme.c (vector_length): Use new representation. + (vector_size): New macro. + (get_vector_object): Use the new representation. + (fill_vector): Likewise. + (vector_elem): Likewise. + (set_vector_elem): Likewise. + (mark): Likewise. + (gc): Likewise. Be careful not to confuse immediate values for type + flags. + (finalize_cell): Vectors now require finalization. + + gpgscm: Provide framework for immediate values. + + commit e343984fc50e87830905614dc87f83f810551ad1 + * tests/gpgscm/scheme.c (IMMEDIATE_TAG): New macro. + ({is,set,clr}_immediate): Likewise. + (enum scheme_types): Make type tags disjoint from immediate values. + (TYPE_BITS): We need one more bit now. + (ADJ,T_MASKTYPE): Compute values. + + gpgscm: Fix setting the line of the first gc reservation. + + commit d27a4435bd8c0f0971d51ddf454422fc77d48271 + * tests/gpgscm/scheme.c (_gc_disable): Negate guard. + + gpgscm: Introduce macro for the vector length. + + commit 489edf84c9a9c2122cef1b4e678154521525b54a + * tests/gpgscm/scheme.c (vector_length): New macro. + (get_vector_object): Use the new macro. + (oblist_add_by_name): Likewise. 
+ (oblist_find_by_name): Likewise. + (oblist_all_symbols): Likewise. + (mk_vector): Likewise. + (mark): Likewise. + (new_slot_spec_in_env): Likewise. + (find_slot_spec_in_env): Likewise. + (opexe_2): Likewise. + (opexe_5): Likewise. + + Revert "tests: Add test demonstrating issue2929." + + commit 59048b0f1aa77313573a1004cd3a9f02692a7521 + This reverts commit 5aafa56dffefe3fac55b9d0555c7c86e8a07f072. + +2017-01-30 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix GetSlotStatus. + + commit 2a025039c1817c7f75c35a898884849a8e5dc926 + * scd/apdu.c (get_status_reader): Add ON_WIRE arg, here. + (ct_get_status, pcsc_get_status_direct, pcsc_get_status_wrapped) + (pcsc_get_status, get_status_ccid, my_rapdu_get_status): Likewise. + (reset_pcsc_reader_wrapped, open_pcsc_reader_wrapped): Follow the + change. + (apdu_get_status_internal): It's lower-level driver which judge + it's not needed. Otherwise, it can't detect the removal. + * scd/ccid-driver.c (ccid_slot_status): After the POWERED_OFF check, + we can skip sending GetSlotStatus packet on wire, when no need. + + scd: Don't send GET_STATUS packet if not needed. + + commit 7c8eee4d396a751d41fd1ee1e1b87b851fca172a + * scd/apdu.c (apdu_get_status_internal): Add ON_WIRE arg. + (apdu_connect): Call apdu_get_status_internal with ON_WIRE enabled. + (apdu_get_status): For periodical check, call apdu_get_status_internal + with ON_WIRE disabled. + + scd: Fix cancel INTERRUPT transfer. + + commit 216afba0d99582d0fbae1d6e925f4ddb349d9de3 + * scd/ccid-driver.c (do_close_reader): Don't lock events, but check the + return value of libusb_cancel_transfer. + +2017-01-27 NIIBE Yutaka <gniibe@fsij.org> + + scd: More changes on watching removal of card/reader. + + commit f3d9b2582bcaa1936b4fed5ec42a889b02df2f42 + * scd/app-common.h (struct app_ctx_s): Rename field to + periodical_check_needed. + * scd/scdaemon.c (update_usb): Rename from update_fdset_for_usb. + Don't use libusb_get_pollfds any more. + (scd_kick_the_loop): New. 
+ (need_tick): Follow the rename. + (handle_connections): No libusb event handling here. + * scd/app.c (app_new_register): Follow the change of rename. + (select_application, scd_update_reader_status_file): Likewise. + * scd/ccid-driver.c (ccid_usb_thread_is_alive): New. + (intr_cb): Call scd_kick_the_loop. + (ccid_usb_thread): New. Thread to invoke INTERRUPT callback. + (ccid_open_usb_reader): Add thread invocation. + (ccid_require_get_status): Remove + LIBUSB_WORKS_EXPECTED_FOR_INTERRUPT_ENDP. + (do_close_reader): Carefully handle handle->transfer. + (get_escaped_usb_string): Insert npth_unprotect/npth_protect. + (do_close_reader, bulk_out, bulk_in, abort_cmd, ccid_slot_status) + (ccid_transceive, ccid_transceive_secure): Likewise. + + scd: Fix release of transfer object. + + commit f92fe33f11c44f14fd31682259fcd231e8fa9e75 + * scd/ccid-driver.c (intr_cb): Handle LIBUSB_TRANSFER_CANCELLED. + (do_close_reader): When callback is active, call + libusb_cancel_transfer and wait callback is fired off. + + scd: Improve watching USB device removal. + + commit 25cc8575da9a9b8bf60c64c8059cb5f73cc52e1d + * scd/apdu.c(struct reader_table_s): Add require_get_status. + (apdu_connect): Change return value meaning. Call apdu_reset here. + * scd/app.c (app_new_register): Add require_get_status. + (select_application): Use the return value of apdu_connect. + (scd_update_reader_status_file): Call update_fdset_for_usb with + checking all_have_intr_endp. + (app_list_start, app_list_finish): Remove. + * scd/ccid-driver.c (struct ccid_driver_s): Add transfer. + (intr_cb): Don't call libusb_transfer in this callback. + (ccid_require_get_status): New. + (do_close_reader): Call libusb_transfer here. + * scd/scdaemon.c (update_fdset_for_usb): Remove the first argument. + + scd: Wake up the select when new USB scan. + + commit 031e3fa7b9a6770a4de1a184555250feeba0d26f + * scd/scdaemon.c (update_fdset_for_usb): Wake up the select(2). + (handle_connections): Use a kind of "self-pipe" technique. 
+ +2017-01-26 NIIBE Yutaka <gniibe@fsij.org> + + scd: Only submit apdu_get_status when needed. + + commit 881dcdfd84ebad36bff20c895e629025bed9d94e + * scd/apdu.c (apdu_dev_list_finish): Return Boolean value if + all device support INTERRUPT transfer. + * scd/ccid-driver.c (ccid_dev_scan_finish): Likewise. + * scd/app.c (app_new_register): Fix initial value of card_status. + (select_application): Call update_fdset_for_usb. + (scd_update_reader_status_file): Ditto. + * scd/scdaemon.c (update_fdset_for_usb, need_tick): New. + (handle_connections): Call handle_tick when select returns. + Let select watch USB file descriptors, too. + Call libusb_handle_events_timeout_completed for INTERRUPT transfer. + + scd: Fix APP reference counting. + + commit 9b06633c811e8815c07d744f20b45405cb082367 + * scd/app.c (scd_update_reader_status_file): Don't call another + release_application_internal. + * scd/command.c (open_card_with_request): Don't require APPTYPE != + NULL. + + scd: Add INTERRUPT endp support to CCID driver. + + commit bb5ceb78c333129a44c0144f2cf49b17ede898f1 + * scd/app.c (scd_update_reader_status_file): Fix releas of APP. + * scd/ccid-driver.c (struct ccid_driver_s): Add INTR_BUF. + (intr_cb, ccid_setup_intr): New. + (ccid_open_usb_reader): Call ccid_setup_intr. + (ccid_slot_status): Return CCID_DRIVER_ERR_NO_READER when removed. + +2017-01-25 Justus Winter <justus@g10code.com> + + gpg: Fix searching for mail addresses in keyrings. + + commit 3f4f20ee6eff052c88647b820d9ecfdbd8df0f40 + * g10/keyring.c (compare_name): Fix KEYDB_SEARCH_MODE_MAIL* searches + in keyrings when the UID is a plain addr-spec. + + tests,w32: Fix GPGME tests requiring a pinentry. + + commit 02a39f0d1ed717f6fc33392e6ce4ab421c3bcbba + * tests/gpgme/gpgme-defs.scm: Use our fake pinentry, and configure it + to supply the correct passphrase. + + tests,w32: Fix gpgsm signature verification test. 
+ + commit 7d5a0ed792133d875fcedb6e23a9a3682f1a23f9 + * tests/gpgsm/verify.scm: Use 'call-with-binary-output-file' to avoid + automatic line-ending conversion. + + agent: Fix double free. + + commit e175152ef7515921635bf1e00383e812668d13fc + * agent/cache.c (agent_store_cache_hit): Make sure the update is + atomic. + + tests: Skip GPGME tests that are not built. + + commit 5f2da5d439debf44615a97de788d8f720b517972 + * tests/gpgme/wrap.scm: Skip tests that are not built. + + tests,w32: Fix locating GPGME's tests on Windows. + + commit 6ecd8b3e71632bbcca524ad735c83bdc2a4c4a4a + * tests/gpgme/run-tests.scm: Qualify the test with the executable + extension. + +2017-01-24 Werner Koch <wk@gnupg.org> + + gpg: Print a warning on Tor problems. + + commit 770b75a746836773909af25ccb9b480e61cea677 + * dirmngr/ks-engine-hkp.c (tor_not_running_p): New. + (map_host): Call that to print a warning. + (handle_send_request_error): Ditto and avoid marking the host dead. + Also print a tor_config_problem warning. Add arg CTRL; adjust callers + to pass that new arg. + * g10/call-dirmngr.c (ks_status_cb): Detect and print the new + warnings. + + dirmngr: Simplify error returning inside http.c. + + commit 51e5a5e5a46279809848b4ab4419f35045336010 + * dirmngr/http.c (connect_server): Change to return an gpg_error_t + and to store socket at the passed address. + (http_raw_connect, send_request): Adjust accordingly. + + dirmngr: New option --disable-ipv4. + + commit 72736af86a501592d974d46ff754a63959e183bd + * dirmngr/dirmngr.c (oDisableIPv4): New const. + (opts): New option --disable-ipv4. + (parse_rereadable_options): Set that option. + * dirmngr/dirmngr.h (opt): New field 'disable_ipv4'. + * dirmngr/dns-stuff.c (opt_disable_ipv4): bew var. + (set_dns_disable_ipv4): New. + (resolve_name_standard): Skip v4 addresses when OPT_DISABLE_IPV4 is + set. + * dirmngr/ks-engine-hkp.c (map_host): Ditto. + (send_request): Pass HTTP_FLAG_IGNORE_IPv4 if opt.disable_v4 is set. 
+ * dirmngr/crlfetch.c (crl_fetch): Ditto. + * dirmngr/ks-engine-finger.c (ks_finger_fetch): Ditto. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + * dirmngr/ocsp.c (do_ocsp_request): Ditto. + +2017-01-24 Justus Winter <justus@g10code.com> + + tools: Use platform abstraction for I/O. + + commit 73d6572bd0f260c5aa1e191a1ba4859ec6fa262c + * tools/gpg-connect-agent.c (main): Use a gpgrt_stream_t for + 'script_fp'. Adapt accordingly. + + tools: Use platform abstraction for I/O. + + commit 77b8aff4e1bb641f497e63230a5006ab70e6c3a8 + * tools/gpgconf-comp.c (retrieve_options_from_file): Use a + gpgrt_stream_t for 'list_file'. Adapt accordingly. + (copy_file): Likewise for 'src' and 'dst'. + (change_options_file): Likewise for 'src_file' and 'dest_file'. + (change_options_program): Likewise for 'src_file' and 'dest_file'. + (gc_process_gpgconf_conf): Likewise for 'config'. + + tools: Use platform abstraction for renaming files. + + commit bfd75e9492fc4edd86f4049a62304943a7b2a29a + * tools/gpgconf-comp.c (gc_component_change_options): Use + 'gnupg_rename_file'. Also, block signals across all renames in an + attempt to make the whole process atomic. + + tools: Add comments explaining the functions parameters. + + commit 82e309ad06884e54693f4856412984331febdda0 + * tools/gpgconf-comp.c (change_options_file): Add comments explaining + the functions parameters. + (change_options_program): Likewise. + + tools: Improve error handling. + + commit b0348fdb26637b0bcbd68a96c1746a1613b309af + * tools/gpgconf-comp.c (gp_component_change_options): Improve error + handling when reading from stdin. + + tools: Fix memory leak. + + commit 5b28f025085b386e0ec49535d4cd3f875a414eb0 + * tools/gpgconf-comp.c (change_options_file): Fix leak. + + tests: Add test demonstrating issue2929. + + commit 5aafa56dffefe3fac55b9d0555c7c86e8a07f072 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/issue2929.scm: New file. + + tests: Enable gpgconf test. 
+ + commit 628ff843466b42309f850b8d65b13cf5f586b81f + * tests/openpgp/Makefile.am (XTESTS): Re-add gpgconf.scm. + +2017-01-23 Werner Koch <wk@gnupg.org> + + Release 2.1.18. + + commit f8289b1d28f501d2f37bf9ccb5e42f7fb27b4688 + + + build: Change make distcheck configure and temp. remove gpgconf.scm. + + commit 25e029823813e190a18b601af60efcb1fb3b84af + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Also test gpgtar and + wks-tools. Disable ntbtls. + * tests/openpgp/Makefile.am (XTESTS): Temporary remove gpgconf.scm. + + Fix format string errors and some missing error case initialization. + + commit af5979a42b9468ffe0f3ac6de5a77d982c5cf8a0 + * common/logging.c (do_logv): Remove extra parentheses in comparison. + + * dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that + dns_res_close is given a defined value in the error case. + + * dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix + format string char. + + * dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const". + * dirmngr/ks-engine-http.c (ks_http_help): Ditto. + * dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto. + * dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto. + + * scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string + char. + * tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the + error case. + (scdaemon_runtime_change): Ditto. + (dirmngr_runtime_change): Ditto. + + * tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL. + + dirmngr: On SIGHUP mark all keyservers alive. + + commit 3ca3da8fc4ef802b8cceec5fde398a07b4888848 + * dirmngr/ks-engine-hkp.c (ks_hkp_reload): New. + * dirmngr/dirmngr.c (dirmngr_sighup_action): Call it. + +2017-01-23 Gaetan Bisson <bisson@archlinux.org> + + libdns: Hack to skip negation term. + + commit d4c0187dd93163f12e9f953366adef81ecf526a6 + * dirmngr/dns.c (dns_nssconf_loadfile): Skip negation terms in + nsswitch.conf parser. + +2017-01-23 Werner Koch <wk@gnupg.org> + + dirmngr: Print debug message only with --debug. 
+ + commit 9ae0b81e4ff08712da642456d0164f81924a91e4 + * dirmngr/dns-stuff.c (libdns_init): Call log_debug only if opt_debug + is set. + +2017-01-23 Phil Pennock <gnupg-devel@spodhuis.org> + + dirmngr: Handle missing nsswitch.conf. + + commit 88ade475c56ac3712d6bd6d41ae38e1421dcb320 + * dirmngr/dns-stuff.c (libdns_init): Fallback to files,dns. + +2017-01-23 Damien Goutte-Gattat <dgouttegattat@incenp.org> + + gpg: Fix misleading log message when checking regexp. + + commit a85731ada2d361eacddc5ae92f80d34792dd4b5e + * src/trustdb.c (check_regexp): Correctly print whether the + regexp matched or not. + +2017-01-23 Werner Koch <wk@gnupg.org> + + gpg: New export and import options "backup" and "restore". + + commit 953d4ec6afd1b42feb7465ee57e48d72f033019a + * g10/export.c (parse_export_options): Add "backup" and its alias + "export-backup". + (do_export_one_keyblock): Export ring trust packets in backup mode. + * g10/import.c (parse_import_options): Add "restore" and its alias + "import-restore". + (read_block): Import ring trust packets. + +2017-01-23 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix INTERRUPT transfer. + + commit 21c9ebb908c2ad2e322e7a13e59e5880494c4d67 + * scd/ccid-driver.c (find_endpoint): Don't return Bulk endpoint as + Interrupt endpoint. + (ccid_poll): Call libusb_interrupt_transfer. + +2017-01-19 Werner Koch <wk@gnupg.org> + + build: Print a commit id in the generated ChangeLog. + + commit e926f30a1cda75f6334b79c303b5134f0441a3dc + * build-aux/gitlog-to-changelog: Print an extra line with the commit + id. + + common: Fix buffer copy code again. + + commit e031b3c16cfec583c4322c84d299b355f0849c77 + * common/exectool.c (my_error_from_errno): Remove. + (copy_buffer_do_copy): Do without var RC. + (copy_buffer_flush): Ditto. Use ERRNO instead of es_write return + code. + (gnupg_exec_tool): Correctly return errors from es_read. + +2017-01-19 Damien Goutte-Gattat <dgouttegattat@incenp.org> + + gpg: Allow to freeze faked system time. 
+ + commit 3daeef702b2e6a42f0f396b828f86ffc3f33fc88 + * g10/gpg.c (main): If the parameter for --faked-system-time + ends with a '!', freeze time at the specified point. + * common/gettime.c (gnupg_set_time): Allow to freeze the time + at an arbitrary time instead of only the current time. + * doc/gpg.texi: Update documentation for --faked-system-time. + +2017-01-19 Werner Koch <wk@gnupg.org> + + common: Clarify use of vars in buffer copy code. + + commit 55c9212a2338bf0b07c8cf3a69bcedaa28d48d43 + * common/exectool.c (my_error_from_errno): New. + (copy_buffer_do_copy): Use separate vars for errno values and + gpg-error values for clarity. s/assert/log_assert/. + (copy_buffer_flush): Ditto. + (gnupg_exec_tool_stream): Use gpg_err_code when testing. + +2017-01-19 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Add setup of CA for NTBTLS. + + commit 367349b4dcc97718f8ae1163d1389d2a46fc3453 + * dirmngr/http.c [HTTP_USE_NTBTLS] (http_session_new): Add CA by + ntbtls_set_ca_chain. + +2017-01-18 Justus Winter <justus@g10code.com> + + common: Fix flushing copy buffers. + + commit 34fa2d79a07a079be472c3ff486debfdac8c6070 + * common/exectool.c (copy_buffer_flush): Write and flush the data, but + do not hide EAGAIN from the caller. + (gnupg_exec_tool_stream): Retry on EAGAIN. + +2017-01-18 Werner Koch <wk@gnupg.org> + + agent: Reduce sleep time in the progress callback. + + commit 3d356d165aed7d76a3ea811b1d24ed0a05ac90d4 + * agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time + from 100ms to 1ms or use gpgrt_yield when build against a recent + libgpg-error. + + gpgconf: Allow "all" for --launch, --kill, and --reload. + + commit 2312248b2e3adffa52d8a3ac4f24fe2c88f0f569 + * tools/gpgconf-comp.c (gc_component_launch): Allow -1 for COMPONENT. + (gc_component_kill): Ditto. + (gc_component_reload): For robustness change the condition to < 0. + * tools/gpgconf.c (main) <aLaunch, aKill, aReload>: Support argument + "all". + + gpg: Remove unused definitions. 
+ + commit 701f54eccf3da3319dd6d74f46b852c64d90bc52 + * g10/keydb.h (rt_UNKNOWN, rt_RING): Remove constants. + (keyblock_pos_struct, KBPOS): Remove struct and type. + +2017-01-18 NIIBE Yutaka <gniibe@fsij.org> + + scd: Cleanup SERIALNO protocol. + + commit 79cea89774e6327b6785e22b7057f9e3e188ac2b + * scd/app.c (app_get_serial_and_stamp): Remove. + (app_get_serialno): New. + (app_write_learn_status): Use send_status_direct. + (app_getattr): Use app_get_serialno for SERIALNO and + send with send_status_direct. + * scd/app-openpgp.c (do_getattr): Likewise. + * scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0. + (cmd_learn): Likewise. Don't inquire with TIMESTAMP of 0. + + scd: Add "card_list" sub command for GETINFO. + + commit 8b1f24a29ebc7651437c01990215a55b1136dae0 + * scd/app.c (app_send_card_list): New. + * scd/command.c (cmd_getinfo): Fix "status" sub command. + Add "card_list" sub command. + +2017-01-17 Werner Koch <wk@gnupg.org> + + build: Handle packages with dashes in --find-version. + + commit a09f258b1412209763222e2e81bab79663e4d685 + * autogen.sh (--find-version): Improve version extraction. + * (--help): Extend. + + gpg: Clean bogus subkey binding when cleaning a key. + + commit 356323768a1a29138581d0aceed0336ab8be0d5c + * g10/trust.c (clean_key): Also clean bogus subkey bindings. + + gpg: Sync print of additional sig data in --edit-key. + + commit 766c25018b288a7185c6da6adac0dec01a64e94a + * g10/keylist.c (show_policy_url): Implement MODE -1. + (show_keyserver_url): Ditto. + (show_notation): Ditto. + * g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and + notation data to the tty. + + common: Remove unused function tty_print_string. + + commit bae42e543799a428e59bad870aed9719dd6e6e45 + * common/ttyio.c (tty_print_string): Rename to ... + (do_print_string): this. Make local. Simplify FP case by using + print_utf8_buffer. Change caller. + + gpg: Prepare some key cleaning function for use with secret key packets. 
+ + commit adbfbf608e75cdd72ae7b3a538b91bc0e236a18f + * g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets. + (clean_sigs_from_uid): Ditto. + (clean_uid_from_key): Ditto. + (clean_one_uid): Ditto. + (clean_key): Ditto. + +2017-01-16 Werner Koch <wk@gnupg.org> + + dirmngr: Implement hkps lookups using literal addresses. + + commit e6aebfe3d0f16c483296fd125b66a44017fe15f4 + * dirmngr/ks-engine-hkp.c (map_host): For literal addresses do a + reverse lookup. + + dirmngr: Allow reverse DNS lookups in Tor-mode. + + commit 9850124c7bdf0a0e7c1866abc85f3437257d7095 + * dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file. + (resolve_addr_libdns): New. + (resolve_dns_addr): Divert to resolve_dns_addr. + + dirmngr: Avoid network queries for literal IP addresses. + + commit daae97bc14742c75408c4eb05808a2102cfe2bcf + * dirmngr/dns-stuff.c (resolve_name_libdns): USe flags AI_NUMERICHOST + for literal IP addresses. + (resolve_name_standard): Ditto. + + dirmngr: Fix URL creation for literal IPv6 addresses in HKP. + + commit 82646bbf1a5a7d745da81b239a12667a51703dc1 + * dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on + the address family. + * dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to + R_HTTPHOST because that is its purpose. Note that the former + behaviour of storing a NULL to indicate that it is not a pool has not + been used. + (make_host_part): Ditto. + (make_host_part): Make sure that literal v6 addresses are correclty + marked in the constructed URL. + +2017-01-16 Justus Winter <justus@g10code.com> + + tests: Improve GPGHOME handling. + + commit 8b1611a9605b636db3e07a9d81016a11b318724c + * tests/openpgp/defs.scm (GPGHOME): New variable. + * tests/openpgp/ssh-import.scm: Remove redundant code, use 'path-join'. + * tests/openpgp/tofu.scm: Likewise. + +2017-01-16 NIIBE Yutaka <gniibe@fsij.org> + + agent: Ask specific SERIALNO for pksign/pkdecrypt. 
+ + commit 0801f49b0dc7102943f0e9fa51061f50f5708ca6 + * agent/call-scd.c (agent_card_serialno): Add DEMAND argument. + * agent/command-ssh.c (card_key_available): Follow the change. + * agent/learncard.c (agent_handle_learn): Likewise. + * agent/divert-scd.c (ask_for_card): Use DEMAND argument. + + scd: Add --demand option for SERIALNO. + + commit 2e6f1c99d4f66a23a752092397e20a84964edf48 + * scd/app.c (select_application): Add SERIALNO_BIN and SERIALNO_BIN_LEN + arguments. Return matched APP with a serial number when specified. + * scd/command.c (open_card): Modify for the implicit open only. + (open_card_with_request): New for explicit open and support match with a + serial number. + (cmd_serialno): Support --demand option. + (cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkauth) + (cmd_pkdecrypt, cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) + (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_apdu): Follow + the change of open_card. + +2017-01-12 Werner Koch <wk@gnupg.org> + + build: Make autogen.sh more POSIX friendly (next try) + + commit 3db76c9277d918dec9721a6439f4db3b3c06aba3 + * autogen.sh: Fix dd count to 5. + + gpg: Rename a var to avoid a shadowing warning. + + commit c99a09f111c5980ae034faaea61a00d9ad60463c + * g10/keygen.c (keygen_set_std_prefs): Rename variable. + + tests: Fix t-gettime for a time_t of 64 and a long of 32 bit. + + commit 5c0777e1ca02ff1767755c417b64d6f78e02f475 + * configure.ac (AC_CHECK_HEADERS): Add stdint.h. + * common/t-gettime.c: Include stdint.h. + (UINTMAX_C): Define replacement. + (test_isotime2epoch): Use UINTMAX_C for the >32 bit constants. + + build: Make autogen.sh more POSIX friendly. + + commit 3c00b52f7cb0fbd756c0bbe5134b8f2d69c60dd1 + * autogen.sh: Replace non POSIX "cp -a" and "head -c". + + libdns: Silence -Wstrict-prototypes on some function ptrs. + + commit 97372b39cd9b4c84a083eadbf072fff77799617f + * dirmngr/dns.c (dns_rrtype): Ignore -Wstrict-prototypes warning. 
+ + libdns: Provide replacement for EPROTO. + + commit 0fadff9cdde47e42f7e428bc903b3626c67ba9c0 + * dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT. + +2017-01-11 Werner Koch <wk@gnupg.org> + + dirmngr: After a connection failure log a hint if Tor is not running. + + commit 20dfcfe08c618d23134d5d6efef7676b090f30d3 + * dirmngr/ks-engine-hkp.c (handle_send_request_error): Check whether + Tor is running. + + dirmngr: Mark hosts dead on ENETDOWN. + + commit 76fb2febde10da8237bbe7613830b51af2a45139 + * dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of + ENETDOWN. + + dirmngr: Fix Tor access for v6 addresses. + + commit 09aeac41c97bc8ecb44a09886c7fdbd9a6ec5c7f + * dirmngr/http.c (use_socks): New. + (my_sock_new_for_addr): New. + (connect_server): Replace assuan_sock_new by my_sock_new_for_addr. + + dirmngr: Remove warnings about unused global variables. + + commit 915864e7f0315b0c96315d0bcd48b1b93592353a + * dirmngr/crlcache.c (oidstr_issuingDistributionPoint): Comment. + * dirmngr/ocsp.c (oidstr_certHash): Comment. + + dirmngr: Implement debug option "network" for http. + + commit da894c48ec3393e7c815f575daa5a52ab37cc102 + * dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging. + + dirmngr: Add debug code to http.c. + + commit 02ab4b0085f8b4cdfe163d25ddd0fc80753d7f4a + * dirmngr/http.c (opt_verbose, opt_debug): New vars. + (http_set_verbose): New function. + (_my_socket_new): Add debug output. + (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if + OPT_DEBUG has ben set to 2 in a debugger. + (http_session_new, http_session_ref): Ditto. + (send_request, http_start_data): Print debug output for the request. + (parse_response): Change to use log_debug_string for the response. + + common: New function log_debug_with_string. + + commit 088d71d3671e74eb088386026f0e439a7e3b5543 + * common/logging.c (do_logv): Factor some code out to ... + (print_prefix): new. + (log_logv): Add arg EXTRASTRING and print it. 
Change all callers to + pass NULL for it. + (log_debug_with_string): New. Uses EXTRASTRING. + +2017-01-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + common: Avoid unnecessary ambiguity in argparse. + + commit 7249ab0f95d1f6cb8ee61eefedc79801bb56398f + * common/argparse.c (find_long_option): Avoid unnecessary ambiguity. + +2017-01-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + systemd-user: Enable "systemctl --user reload {dirmngr,gpg-agent}" + + commit a20a450ac4ef10847fd59a5fd3acbbd2bfcaa6a2 + * doc/examples/systemd-user/*.service: Add ExecReload directives to + indicate the canonical way to reload the services. + + GnuPG recommends reloading the agent and dirmngr with "gpgconf + --reload". if anyone is running them as systemd user services, they + might ask them to reload in the systemd way, so teach systemd the + right thing to do. + +2017-01-10 Justus Winter <justus@g10code.com> + + tests: Improve gpgconf test. + + commit 88e42ef08d65d4d1bc29c6cea48df19ca0d5e2bd + * tests/openpgp/defs.scm (valgrind): New variable. + (gpg-config): Fix clearing an option. + * tests/openpgp/gpgconf.scm: Also toggle 'quiet'. + + tools: Fix memory leaks and improve error handling. + + commit 1f5caf90bfaaaf7b9d8c06c12087aeeae3748032 + * tools/gpgconf-comp.c (gc_option_free): New function. + (gc_components_free): Likewise. + (gc_components_init): Likewise. + (retrieve_options_from_program): Use 'xfree', fix memory leak. + (change_options_program): Improve error handling. + (gc_component_change_options): Fix memory leaks. + * tools/gpgconf.c (main): Initialize components. + * tools/gpgconf.h (gc_components_init): New prototype. + + tests: Add test for gpgconf. + + commit c8cfc62125aceee0ca48aab5c8a9fea1ec1ef652 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/defs.scm (percent-encode): New function. + (gpg-conf): Generalize so that we can feed stdin. + (gpg-config): New function. + * tests/openpgp/gpgconf.scm: New file. + + common: Fix fallback code. 
+ + commit bfd6a490129ffc7c7ac8776bf5a5da3b1ddf6d42 + * common/logging.c (_log_assert): Fix the variant for compilers that + do not support __FUNCTION__. + * common/logging.h (_log_assert): Likewise. + +2017-01-09 Werner Koch <wk@gnupg.org> + + dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups. + + commit 0cc975d8a1cd54115938202432e43263b8893ea4 + * dirmngr/ks-engine-hkp.c (map_host): Chnage arg NO_SRV to SRVTAG. + (make_host_part): Rewrite. + + dirmngr: Do not use a SRV record for HKP if a port was specified. + + commit c2cbe2f87c480c62239dc4c2cbb352acd98cd267 + * dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT. + * dirmngr/http.c (do_parse_uri): That it. + * dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV. + (make_host_part): Ditto. + (ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT. + (ks_hkp_search): Ditto. + (ks_hkp_get): Ditto. + (ks_hkp_put): Ditto. + +2017-01-08 Werner Koch <wk@gnupg.org> + + dirmngr: Implement experimental SRV record lookup for WKD. + + commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 + * dirmngr/server.c (cmd_wkd_get): Support SRV records. + + dirmngr: Improve debug output for TLS. + + commit 714faea4fa7f30d42e9986358214a99aa8fa57b3 + * dirmngr/misc.c (dump_cert): Also print SubjectAltNames. + + dirmngr: Change internal SRV lookup API. + + commit 16078f3deea5b82ea26e2f01dbd3ef3a5ce25410 + * dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO. + * dirmngr/http.c (connect_server): Simplify SRV lookup. + * dirmngr/ks-engine-hkp.c (map_host): Ditto. + * dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv. + + dirmngr: Strip root zone suffix from libdns SRV results. + + commit 9fa94aa10778bbd680315e93b23175423e338c40 + * dirmngr/dns-stuff.c (getsrv_libdns): Strip trailing dot from the + target. + +2017-01-06 Werner Koch <wk@gnupg.org> + + agent,w32: Fix annoying output to DebugView. + + commit 8d774904c8066d8c0f19cfffe2d568979bb8c470 + * agent/gpg-agent.c (startup_fd_list): Do not define for W32. 
+ (main) [W32]: Do not call get_all_open_fds. + +2017-01-06 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix for --disable-ccid for scdaemon. + + commit 858e14cd794e2a6125d51e652a754bbe26def997 + * scd/apdu.c (apdu_dev_list_finish): Don't call ccid_dev_scan_finish + with no table. + (apdu_open_reader): Only increment when it's zero. + + scd: Fix for --disable-ccid-driver. + + commit 62268a2732dddca7a05ca4cf45d0e4338c7dc3c4 + * scd/apdu.c [HAVE_LIBUSB] (apdu_dev_list_start): Conditionalize. + [HAVE_LIBUSB] (apdu_dev_list_finish, apdu_open_reader): Likewise. + + scd: Support multiple readers by CCID driver. + + commit 8a41e73c31adb86d4a7dca4da695e5ad1347811f + * scd/apdu.c (new_reader_slot): Lock is now in apdu_dev_list_start. + (close_pcsc_reader_direct, close_ccid_reader): RDRNAME is handled... + (apdu_close_reader): ... by this function now. + (apdu_prepare_exit): Likewise. + (open_ccid_reader): Open with dev_list. + (apdu_dev_list_start, apdu_dev_list_finish): New. + (apdu_open_one_reader): New. + (apdu_open_reader): Support multiple readers. + * scd/app.c (select_application): With SCAN, opening all readers + available, and register as new APP. + (app_write_learn_status): app->ref_count == 0 is valid for APP which is + not yet used. + (app_list_start, app_list_finish): New. + * scd/ccid-driver.c (struct ccid_driver_s): Remove RID and BCD_DEVICE. + Add BAI. + (parse_ccid_descriptor): BCD_DEVICE is now on the arguments. + (ccid_dev_scan, ccid_dev_scan_finish): New. + (ccid_get_BAI, ccid_compare_BAI, ccid_open_usb_reader): New. + (ccid_open_reader): Support multiple readers. + (ccid_set_progress_cb, ccid_close_reader): No RID any more. + +2017-01-05 Werner Koch <wk@gnupg.org> + + Silence two -Wlogical-op warnings. + + commit 6170eb809033c9d144abf3b1f31f8b936878cdd4 + * common/tlv.c (parse_ber_header): Avoid compiler warning about a + duplicate condition. + * tools/gpgtar-create.c (pattern_valid_p): Likewise. 
+ +2017-01-05 Justus Winter <justus@g10code.com> + + tests: New test for --{show,override}-session-key. + + commit 168c8c9d79a817c1f08a9ef976dab377f8c4c69e + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/decrypt-session-key.scm: New file. + + tests: Fix macro. + + commit 4ded213698123a425393b89a800fda2a4ec5229d + * tests/openpgp/defs.scm (with-ephemeral-home-directory): Make + hygienic, use define-macro, do not change to the ephemeral home + directory. + * tests/gpgsm/setup.scm: Change to the ephemeral home directory. + * tests/openpgp/setup.scm: Likewise. + +2017-01-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + g10: avoid warning when --disable-tofu. + + commit 38671cfe5a2a40bb991619f4cb992c42b5f1e8cd + If configured with --disable-tofu, we see compiler warnings about an + unused variable. This should remove those warnings. + +2017-01-04 Justus Winter <justus@g10code.com> + + tests,w32: Fix locating the components. + + commit 28e149609da44fab600f6a11b385d1c8ca8e7eb9 + * tests/openpgp/defs.scm (percent-decode): New function. + (bin-prefix): New variable. + (installed?): Likewise. + (tool-hardcoded): Use the new variables. + (gpg-conf): Use the new function to decode the values. + (gpg-components): Do not use '--build-prefix' when 'installed?'. + +2017-01-03 Werner Koch <wk@gnupg.org> + + dirmngr: Make sure Tor mode is also set for DNS on SIGHUP. + + commit 969512401603639e4467ede7d892f1b02582c2c9 + * dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed. + (reload_dns_stuff): Reset tor port. + * dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS. + (main): Remove warning that Tor mode may not fully work. + * dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS + initialization. + * dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error + checking for enable_dns_tormode. + + dirmngr: New debug message on correctly initialized libdns. 
+ + commit 0004d52ba2f1245c84f95a151342ad99fd72ca3d + * dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on + success. + +2017-01-02 Justus Winter <justus@g10code.com> + + common: Turn assertions into expressions. + + commit a1e0d4a1e75fc6e6c3392a4e1d1d27005b38d6cc + * common/logging.h (log_assert): Turn this into an expression so it + can be used in expressions. + + tests: Fix faked time in the TOFU test. + + commit 6d065198337b5242889723481bfa9ce81aa108bb + * tests/openpgp/tofu.scm (GPG): Fix time delta. + +2017-01-02 Werner Koch <wk@gnupg.org> + + g13: Improve printing of debug infos. + + commit 5b6ebfb9244602d9de31d61c7eceb0c45ac8aa49 + * g13/g13tuple.c (all_printable): Make it work. + + Replace use of variable-length-arrays. + + commit 6b84ecbf312d98ac8cce9fe5facdc815bc742fa1 + * common/t-iobuf.c (main): Replace variable-length-array. + * g10/gpgcompose.c (mksubpkt_callback): Ditto. + (encrypted): Ditto. + * g10/t-stutter.c (log_hexdump): Ditto. + (oracle_test): Ditto. + * g10/tofu.c (get_policy): Ditto. Use "%zu" for size_t. + * scd/app-openpgp.c (ecc_writekey): Replace variable-length-array. + Check for zero length OID_LEN. + +2017-01-02 Justus Winter <justus@g10code.com> + + gpgscm: Fail if too many arguments are given. + + commit b0e14bd6ff8401b12b2b39f75aef94d3ad28017f + * tests/gpgscm/scheme.c (opexe_0): Enable check. + * tests/gpgscm/tests.scm (test::report): Remove superfluous argument. + + gpgscm: Add 'finally', rework all macros. + + commit b79274a3b7e58f88e9a8c1dc1fb24dd3e983543c + * tests/gpgscm/init.scm (finally): New macro. + * tests/gpgscm/tests.scm (letfd): Rewrite. + (with-working-directory): Likewise. + (with-temporary-working-directory): Likewise. + (lettmp): Likewise. + + gpgscm: Use boxed values for source locations. + + commit e8b843508dac96e9d0a3140954dd5a3618669cec + * tests/gpgscm/scheme-private.h (struct port): Use boxed values for + filename and current line. 
This allows us to use the same Scheme + object for labeling all expressions in a file. + * tests/gpgscm/scheme.c (file_push): Use boxed type for filename. + (mark): Mark location objects of port objects. + (gc): Mark location objects in the load stack. + (port_clear_location): New function. + (port_reset_current_line): Likewise. + (port_increment_current_line): Likewise. + (file_pop): Adapt accordingly. + (port_rep_from_filename): Likewise. + (port_rep_from_file): Likewise. + (port_close): Likewise. + (skipspace): Likewise. + (token): Likewise. + (_Error_1): Likewise. + (opexe_0): Likewise. + (opexe_5): Likewise. + (scheme_deinit): Likewise. + (scheme_load_file): Likewise. + (scheme_load_named_file): Likewise. + +2017-01-02 Werner Koch <wk@gnupg.org> + + dirmngr: Strip root zone suffix from libdns cname results. + + commit b200e636ab20d2aa93d9f71f3789db5a04af0a56 + * dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot. + (get_dns_cname_libdns): Ditto. + +2016-12-30 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix select_application. + + commit 337690441fcb19343fe56b139f5649bed7d25c83 + * scd/app.c (select_application): Fix the condition for open. + + scd: Fix card removal monitor. + + commit f300e12a793d59deb1a369713384eaabfa39b3e6 + * scd/app.c (app_reset): Call send_client_notification with REMOVAL. + (scd_update_reader_status_file): Likewise. + * scd/command.c (send_client_notifications): Distinguish removal. + +2016-12-29 NIIBE Yutaka <gniibe@fsij.org> + + scd: Improve internal CCID driver. + + commit cdc8d0bd933b958db878861587322bc541b580b3 + * scd/ccid-driver.c (scan_or_find_usb_device): Don't scan for + configuration but use active configuration. Support alt_setting. + (scan_or_find_devices): Support alt_setting. + (ccid_open_reader): Support alt_setting. + + scd: Fix a race condition for new_reader_slot. + + commit c48cf7e32ffa02ebdf00265543344c611bef0431 + * scd/apdu.c (reader_table_lock, apdu_init): New. 
+ (new_reader_slot): Serialize by reader_table_lock. + * scd/app.c (lock_app, unlock_app, app_new_register): Fix error code + usage. + (initialize_module_command): Call apdu_init. + * scd/scdaemon.c (main): Handle error for initialize_module_command. + +2016-12-28 NIIBE Yutaka <gniibe@fsij.org> + + scd: APP centric approach for device management. + + commit 4cc9fc5eb9bd91d943c185d59da4a2b4cb885ee6 + * scd/app.c (lock_app): Rename from lock_reader and use internal field + of APP. + (unlock_app): Likewise. + (app_dump_state): Use APP. + (application_notify_card_reset): Remove. + (check_conflict): Change API for APP, instead of SLOT. + (check_application_conflict): Likewise. + (release_application_internal): New. + (app_reset): New. + (app_new_register): New. + (select_application): Change API for APP, instead of SLOT. + (deallocate_app, release_application): Modify for manage link. + (report_change): New. + (scd_update_reader_status_file): Moved from command.c and + use APP list, instead of VREADER. + (initialize_module_command): Moved from command.c. + + * scd/command.c (TEST_CARD_REMOVAL): Remove. + (IS_LOCKED): Simplify. + (vreader_table): Remove. + (vreader_slot, update_card_removed): Remove. + (do_reset): Call app_reset. + (get_current_reader): Remove. + (open_card): Add SCAN arg. + (cmd_serialno): No retry, since retry is done in lower layer in apdu.c. + No do_reset, since it is done in lower layer. + Add clearing card_removed flag. + (cmd_disconnect): Call apdu_disconnect. + (send_client_notifications): Modify for APP. + (update_reader_status_file): Remove. + + scd: Simplify monitoring card removal. + + commit f9882d8336feea96e3b5e250e9093f8cca01e08b + * scd/apdu.c (struct reader_table_s): Remove any_status, last_status, + status, and change_counter field. + (new_reader_slot, dump_reader_status, ct_activate_card, open_ct_reader) + (connect_pcsc_card, open_pcsc_reader_direct, open_pcsc_reader_wrapped) + (open_ccid_reader, apdu_reset): Follow the change. 
+ (ct_dump_reader_status): Remove. + (apdu_get_status_internal, apdu_get_status): Remove CHANGED arg. + (apdu_connect): Follow the change. + * scd/command.c (struct vreader_s): Remove reset_failed, any, and + changed field. + (cmd_getinfo, update_reader_status_file): Follow the change. + +2016-12-27 NIIBE Yutaka <gniibe@fsij.org> + + scd: Improve internal CCID driver. + + commit c7ec9c42246033e14ebad679d11f3b1fbeed23b7 + * scd/ccid-driver.c (scan_or_find_usb_device): Fix return value. + Support device with multiple CCID interfaces. Fix the case with + READERNO. Support partial string match of "reader-port" like PC/SC + driver. + +2016-12-23 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Fix for --disable-libdns usage. + + commit d26c51825e2255fe58305cbc1cd74fa43f80d93e + * dirmngr/dns-stuff.c (enable_recursive_resolver, set_dns_nameserver) + (reload_dns_stuff): Conditionalize with USE_LIBDNS. + (get_h_errno_as_gpg_error): Map HOST_NOT_FOUND to GPG_ERR_NO_NAME. + +2016-12-22 Neal H. Walfield <neal@g10code.com> + + tools: Show a clearer error message if a server doesn't support WKS. + + commit 1909e994cb87d6c6866a465f0c20a456d4df46cc + * tools/gpg-wks-client.c (command_send): If we fail to lookup the + submission address, print a better error message. If it is because + the corresponding file doesn't exist, provide the hint that the server + probably doesn't support WKS. + +2016-12-22 Werner Koch <wk@gnupg.org> + + wks: Let the client ignore missing policy flags. + + commit e917dfcd973a3ebbf5eb584e819ffa89f932bfef + * tools/gpg-wks-client.c (command_send): Ignore missing policy flags. + +2016-12-22 NIIBE Yutaka <gniibe@fsij.org> + + scd: Clean up internal API for APP. + + commit 8431f5a7e88e1f42d75c4a4b61f4aa9b35457204 + * scd/app-common.h (app_readcert, app_readkey, app_setattr, app_sign, + app_auth, app_decipher, app_get_challenge, app_check_pin): Add CTRL as + the second argument. + * scd/app.c: Supply CTRL to lock_reader calls. 
+ * scd/command.c (cmd_readcert, cmd_readkey, cmd_pksign, cmd_auth, + cmd_pkdecrypt, cmd_setattr, cmd_random, cmd_checkpin): Follow the + change. + +2016-12-21 Justus Winter <justus@g10code.com> + + gpgscm: Guard use of union member. + + commit 6e96cdd41a0e55b672309431062f37c4a4a9f485 + * tests/gpgscm/scheme.c (opexe_5): Check that we have a file port + before accessing filename. Fixes a crash on 32-bit architectures. + +2016-12-20 Werner Koch <wk@gnupg.org> + + tests: Avoid skipping exectool tests. + + commit 6204f8104fea42d706a68e77e2dc0bca4704bddc + * common/t-exectool.c (test_executing_true): Try also /usr/bin/true. + (test_executing_false): Try also /usr/bin/false. + +2016-12-20 Justus Winter <justus@g10code.com> + + tests: Add test suite for gpgsm. + + commit 36c14139285982def6ad942d4b2d8bef7ed4ea76 + * configure.ac (AC_CONFIG_FILES): Add new file. + * tests/Makefile.am (SUBDIRS): Add new directory. + * tests/gpgsm/32100C27173EF6E9C4E9A25D3D69F86D37A4F939: New file. + * tests/gpgsm/Makefile.am: Likewise. + * tests/gpgsm/cert_dfn_pca01.der: Likewise. + * tests/gpgsm/cert_dfn_pca15.der: Likewise. + * tests/gpgsm/cert_g10code_test1.der: Likewise. + * tests/gpgsm/decrypt.scm: Likewise. + * tests/gpgsm/encrypt.scm: Likewise. + * tests/gpgsm/export.scm: Likewise. + * tests/gpgsm/gpgsm-defs.scm: Likewise. + * tests/gpgsm/import.scm: Likewise. + * tests/gpgsm/plain-1.cms.asc: Likewise. + * tests/gpgsm/plain-2.cms.asc: Likewise. + * tests/gpgsm/plain-3.cms.asc: Likewise. + * tests/gpgsm/plain-large.cms.asc: Likewise. + * tests/gpgsm/run-tests.scm: Likewise. + * tests/gpgsm/setup.scm: Likewise. + * tests/gpgsm/shell.scm: Likewise. + * tests/gpgsm/sign.scm: Likewise. + * tests/gpgsm/verify.scm: Likewise. + + tests: Add macro managing ephemeral home directories. + + commit c067a012c764218b94ce8de2914615a895a75f3e + * tests/openpgp/defs.scm (with-ephemeral-home-directory): New macro. + * tests/openpgp/setup.scm: Use the new macro. + + tests: Move argument parser. 
+ + commit a30c0a6972cabde3858108e9020e900696094843 + * tests/gpgme/gpgme-defs.scm (flag): Move... + * tests/gpgscm/tests.scm: ... over here. + + tests: Add missing encrypted sample, cleanup samples handling. + + commit e2ed3c1597daf3188ddce049cc3c50113d56f1b9 + * tests/openpgp/Makefile.am (TEST_FILES): Add new file. + * tests/openpgp/defs.scm (plain-files): Add 'plain-large'. + (all-files): New variable. + (create-sample-files): New function. + (create-legacy-gpghome): Use new function. + * tests/openpgp/plain-large.asc: New file. + +2016-12-20 Werner Koch <wk@gnupg.org> + + Release 2.1.17. + + commit ade32464a25fdb35cc0f39e46d303ceba68ea8f6 + + + sm: Remove wrong example from gpgsm --help. + + commit 13465e708bb67e816e4fb3a37c117ad91dc6383f + * sm/gpgsm.c (opts): Remove group 303. + + dirmngr: New option --resolver-timeout. + + commit 81c012787fabf734d9c952c6f18ecac21929d4d8 + * dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New. + (opt_timeout): New var. + (set_dns_timeout): New. + (libdns_res_open): Set the default timeout. + (libdns_res_wait): Use configurable timeout. + (resolve_name_libdns): Ditto. + + * dirmngr/dirmngr.c (oResolverTimeout): New const. + (opts): New option --resolver-timeout. + (parse_rereadable_options): Set that option. + (main) <aGPGConfList>: Add --nameserver and --resolver-timeout. + * tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout + and --nameserver. + + * dirmngr/http.c (connect_server): Fix yesterday introduced bug in + error diagnostic. + +2016-12-19 Werner Koch <wk@gnupg.org> + + dirmngr: Fix problems with the getsrv function. + + commit af8b68fae39b1378c769e0de6ba6437ea1aac7e3 + * dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars. + (set_dns_verbose): New func. + (libdns_switch_port_p): Add debug output. + (resolve_dns_name): Ditto. + (get_dns_cert): Ditto. + (get_dns_cname): Ditto. + (getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigend int. + (getsrv): Rename to ... + ((get_dns_srv): this. 
Add arg R_COUNT and return an error. Add debug + output. + * dirmngr/http.c: Adjust for chnaged getsrv(). + * dirmngr/ks-engine-hkp.c (map_host): Ditto. + * dirmngr/t-dns-stuff.c (main): Ditto. Call set_dns_verbose. + * dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose. + + build: Add target to sign the windows installer. + + commit 284ec54495dddc9eb0232e959cf994234097578a + * build-aux/speedo.mk (w32-sign-installer): New. + (AUTHENTICODE_KEY): New. + (installer-from-source): Use cp instead of mv. Factor code out to ... + (MKSWDB_commands): new macro. + (sign-installer): New. + +2016-12-19 Justus Winter <justus@g10code.com> + + tests: Use the common test framework for the migration tests. + + commit 65a0d6a24e6299682793f213a9d2bae17c5b12d9 + * tests/migrations/Makefile.am (reqired_pgms): Add 'gpgscm'. + (TESTS_ENVIRONMENT): Populate. + (TESTS): Rename to 'XTESTS'. + (xcheck): New target. + (EXTRA_DIST): Add new files. + (CLEANFILES): Remove log files. + * tests/migrations/common.scm: Honor 'verbose', fix paths. + * tests/migrations/run-tests.scm: New file. + * tests/migrations/setup.scm: Likewise. + + tests: Use sequential test runner if only one test is given. + + commit 0bf16d702665a269ce5ef724c927fbbd8f7f1ce9 + * tests/openpgp/run-tests.scm: Use sequential test runner if only one + test is given. + +2016-12-19 Werner Koch <wk@gnupg.org> + + dirmngr,w32: Hack around a select problem. + + commit d51499fdc522a696f23c6776c3ab248742f4e06a + * dirmngr/dns.c (FD_SETSIZE): Bump up to 1024. + (dns_poll): Return an error instead of hitting an assertion failure. + +2016-12-19 Neal H. Walfield <neal@g10code.com> + + test: Extend TOFU tests to also check the days with signatures. + + commit aec89a7297bae30f79a63fdc830530e82bab6170 + * tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time. + (faketime): New function. + (days->seconds): Likewise. + (GPG): Use faketime. 
+ (check-counts): Also check the number of expected days with signatures + and encryptions. Update callers. Extend tests. + +2016-12-19 Justus Winter <justus@g10code.com> + + tests: New test for --delete-[secret-]keys. + + commit a1afc450e182af02ad5e6f6ba79e9dc4332ca2bc + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/defs.scm (keys): New variable. + (have-public-key?): New function. + (have-secret-key?): Likewise. + (have-secret-key-file?): Likewise. + * tests/openpgp/delete-keys.scm: New file. + * tests/openpgp/quick-key-manipulation.scm: Move the accessors to + 'defs.scm'. + + gpgscm: Change associativity of ::. + + commit a45dc0849da0d944ec8c759bc8e3e733b1eb0079 + * tests/gpgscm/scheme.c (mk_atom): Change associativity of the :: + infix-operator. This makes it possible to naturally express accessing + nested structures (e.g. a::b::c). + + gpgscm: Display location when assertions fail. + + commit 3949cbd1128585c9b810713aeffaa1455fb5aed9 + * tests/gpgscm/lib.scm (assert): Use location information if + available. + + gpgscm: Make exception handling more robust. + + commit df00745d6eed7034b218a0c482a46d975425798a + * tests/gpgscm/init.scm (throw'): Check that args is a list. + +2016-12-19 Andre Heinecke <aheinecke@intevation.de> + + speedo,w32: Use nsExec::ExecToLog to avoid popups. + + commit 026bbf0d5ee4510967e5f1dd3db2dee4687b0612 + * build-aux/speedo/w32/inst.nsi: Use ExecToLog instead of + ExecWait. + +2016-12-19 Werner Koch <wk@gnupg.org> + + Remove unused debug flags and add "dns" and "network". + + commit e384405b6e251629fb36bcbba4f5f9ac15a39d10 + * g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove. + * g10/gpg.c (debug_flags): Remove "cardio". + * agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove. + * agent/gpg-agent.c (debug_flags): Remove "command". + * scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove. + * scd/scdaemon.c (debug_flags): Remove "command". + * dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New. 
+ (DBG_NETWORK_VALUE, DNG_NETWORK): New. + * dirmngr/dirmngr.c (debug_flags): Add "dns" and "network". + +2016-12-17 Werner Koch <wk@gnupg.org> + + dirmngr: Fix setup of libdns for W32. + + commit e77b924fec1082faae48cdd2ff8474874a22bdf7 + * configure.ac (DNSLIB) {W32]: Add -liphlpapi. + * dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define + WIN32_LEAN_AND_MEAN. + (libdns_init) [W32]: Use GetNetworkParams to get the nameserver. + * dirmngr/t-dns-stuff.c (init_sockets): New. + (main): Call it. + +2016-12-16 Werner Koch <wk@gnupg.org> + + dirmngr: Auto-switch from Tor port to Torbrowser port. + + commit 024dbd7162fc1a7694176ebad3c21ee3ea67c024 + * dirmngr/dns-stuff.c (libdns_tor_port): New var. + (set_dns_nameserver): Clear that var. + (libdns_init): Init var to the default port. + (libdns_switch_port_p): New func. + (resolve_dns_name): Use function to switch the port + (get_dns_cert): Ditto. + (getsrv): Ditto. + (get_dns_cname): Ditto. + + dirmngr: Use one context for all libdns queries. + + commit c4e8a3194d6b92f596a6483e486c645de7d2ddd1 + * dirmngr/dns-stuff.c (libdns_reinit_pending): New var. + (enable_recursive_resolver): Set var. + (set_dns_nameserver): Ditto. + (libdns_init): Avoid double initialization. + (libdns_deinit): New. + (reload_dns_stuff): New. + (libdns_res_open): Act upon LIBDNS_REINIT_PENDING. + * dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release + memory. + * dirmngr/dirmngr.c (cleanup): Ditto. + (dirmngr_sighup_action): Call reload_dns_stuff to set + LIBDNS_REINIT_PENDING. + + dirmngr: Pass Tor credentials to libdns. + + commit ddb48086833f8b86f0f0d69b21a23f245090ea7a + * dirmngr/dns-stuff.c (tor_credentials): Replace by ... + (tor_socks_user, tor_socks_password): new vars. + (enable_dns_tormode): Set these new vars. + (libdns_res_open): Tell libdns the socks credentials. + + dirmngr: Factor common libdns code out. + + commit 59d3c3e4baffff52548fb5d1766ebf02dd8e1bec + * dirmngr/dns-stuff.c (libdns_res_open): New. 
Replace all libdns_init + and dns-res_open by a call to this func. + (libdns_res_submit): New wrapper. Replace all dns_res_sumbit calls. + (libdns_res_wait): New function. + (resolve_name_libdns): Replace loop by libdns_res_wait. + (get_dns_cert_libdns): Ditto. + (getsrv_libdns): Ditto. + + gpg,sm: A few more option for --gpgconf-list. + + commit 48671f295ff233765689b6a73021f83ab845a28f + * g10/gpg.c (gpgconf_list): Add --compliance and + --default-new-key-algo. + (parse_compliance_option): + * sm/gpgsm.c (main) <gpgconf-list>: Add --enable-crl-checks. + + gpgconf: New command --apply-profile. + + commit 76cd64a5baf6057b199c01f7999b327f1f4a87bc + * tools/gpgconf.c (aApplyProfile): New. + (opts): New command --apply-profile. + (main): Implement that command. + * tools/gpgconf-comp.c (option_check_validity): Add arg VERBATIM. + (change_options_program): Ditto. + (change_one_value): Ditto. + (gc_component_change_options): Ditto. + (gc_apply_profile): New. + + gpgconf: Fix --apply-defaults. + + commit 6ca3c28da46873416822bf6ab7893db6c56a49d6 + * tools/gpgconf-comp.c: Skip pinentry also in process_all mode. + +2016-12-16 Justus Winter <justus@g10code.com> + + doc: Mention extra information in pinentry status lines. + + commit 12a5265afa7f87ad92fb571e0882e57b07a3c267 + * doc/DETAILS: Mention that 'PINENTRY_LAUNCHED may carry extra + information. + + sm: Fix agent communication. + + commit 3c7d6a1769ed6cc90d86247a814a0dce341512a3 + * sm/call-agent.c (gpgsm_agent_pksign): Fix passing the control handle + to the callback. + (gpgsm_scd_pksign): Likewise. + (gpgsm_agent_reaedkey): Likewise. + +2016-12-16 Neal H. Walfield <neal@g10code.com> + + doc: Fix manual. + + commit a165fa09be4bfbeb97ebe25d551a9045255e5028 + * doc/gpg.texi: Remove comment about options being parsed in-order. + They aren't. + + g10: Use total days, not total messages to compute TOFU validity. 
+ + commit 4a2c210b75d4266e289712e73a42c286aabb07f0 + * g10/tofu.c (write_stats_status): Use the number of days with + signatures / encryptions to compute the validity, not the total number + of signatures / encryptions. + (BASIC_TRUST_THRESHOLD): Adjust given the new semantics. + (FULL_TRUST_THRESHOLD): Likewise. + + g10: Extend TOFU_STATS to emit <sign-days> and <encyrption-days> + + commit 94f6b9010d2e80a75ccbb21426faf0b30195f1ab + * doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status + line. + * g10/tofu.c (write_stats_status): Take additional parameters + signature_days and encryption_days. Update callers. Include them in + the tfs record and TOFU status lines. + (show_statistics): Compute the number of days on which we saw a + message signed by FINGERPRINT, and the number of days on which we + encrypted a message to it. + +2016-12-16 Justus Winter <justus@g10code.com> + + doc: Improve section on unattended key generation. + + commit ca02a8b78fca8815388a859962584d75169ae3ee + * doc/gpg.texi: Improve the subsection on unattended key generation by + suggesting the quick key manipulation interface as an alternative, and + by suggesting alternatives to '%pubring' and '%secring'. Simplify + examples accordingly. + + doc: Add documentation for programmatic use of GnuPG. + + commit 116a78eb869c4c589228bd0d6deff7c7a9f92dfb + * doc/gpg.texi: New subsections on programmatic use of GnuPG, + ephemeral home directories, and the quick key manipulation interface. + +2016-12-16 Neal H. Walfield <neal@g10code.com> + + g10: On a TOFU conflict, write the conflicting keys to the status fd. + + commit fea9da4a8afab6f3a49cdbbcc4a7a21f27a6d3e8 + * g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and + their statistics on the status fd. + (get_trust): Likewise, if we don't call ask_about_binding. + (show_statistics): Have the caller pass the policy as returned by + get_policy. 
Add argument only_status_fd and don't emit any output on + stdout if it is set. Update callers. + + g10: Add missing space. + + commit 6caa2d0ba2bfc0ae93878738b0169483f6b6b462 + * g10/tofu.c (tofu_register_encryption): Add missing space. + +2016-12-15 Justus Winter <justus@g10code.com> + + g10: Avoid translating simple error messages. + + commit 6b16b02109f4bb5b934e456667ff4c0ba7bc85fd + * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'. + + g10: Rework the --quick-* interface. + + commit 41ad04d403de05abe54280d2a84aa51a603194e4 + * g10/gpg.c (opts): Rename options. + (main): Update errors. + * doc/gpg.texi: Update accordingly. + + g10: Rename 'card-edit' to 'edit-card'. + + commit 6e4396723e9e5865015ebf7033628fa3919cf7d1 + * g10/gpg.c (opts): Rename option. + * g10/call-agent.c (agent_scd_learn): Update comment. + * doc/gpg.texi: Update accordingly. + + g10: Spell out --desig-revoke. + + commit 3c691097ca144e9a1d4c9185636c59a848bec85c + * g10/gpg.c (opts): Rename option. + * doc/gpg.texi: Update accordingly. + + g10: Shorten unreasonably long option. + + commit c252627c6fd93bc305c5a5a2f013c3de2d45c6b0 + * g10/gpg.c (opts): Rename 'generate-revocation-certificate' to + 'generate-revocation'. + * doc/gpg.texi: Update accordingly. + * po: Update translations. + + doc: Add aliases of all changed options. + + commit bc6b76ef26f31c54ae1c29c761b8ecc437fcf565 + * doc/gpg.texi: Add the old version of every option that was updated + with the last change set. + * doc/gpgsm.texi: Likewise. + +2016-12-15 Werner Koch <wk@gnupg.org> + + dirmngr: First patch to re-enable Tor support. + + commit 2d1760ffe2ff46b77bd0f38db8b781d9564ae999 + * dirmngr/dns-stuff.c (SOCKS_PORT, TOR_PORT, TOR_PORT2): New + constants. + (libdns_init): Start adding tor support. + (resolve_name_libdns): Pass socks hosts to dns_res_open. + (get_dns_cert_libdns): Ditto. + (getsrv_libdns): Ditto. + (get_dns_cname_libdns): Ditto. 
+ +2016-12-15 Justus Winter <justus@g10code.com> + + build: Fix distcheck. + + commit 0e2055c7d30d987a7a74923a7080b80cce470601 + * tests/gpgme/Makefile.am (CLEANFILES): New variable, clean test logs. + +2016-12-14 Justus Winter <justus@g10code.com> + + tests: Reuse GPGME's tests. + + commit 948cca9c99e701a1668bb5fd6e25f07e35381b4d + * configure.ac (AC_CONFIG_FILES): Add new Makefile. + * tests/Makefile.am (SUBDIRS): Add new directory. + * tests/gpgme/Makefile.am: New file. + * tests/gpgme/gpgme-defs.scm: Likewise. + * tests/gpgme/run-tests.scm: Likewise. + * tests/gpgme/setup.scm: Likewise. + * tests/gpgme/wrap.scm: Likewise. + + common: Support locating components in the build tree. + + commit ca1e9749bfb069d90aa44efbf6f3d611b6104c1b + * common/homedir.c (gnupg_build_directory): New variable. + (gnupg_module_name_called): Likewise. + (gnupg_set_builddir): New function. + (gnupg_set_builddir_from_env): Likewise. + (gnupg_module_name): Support locating components in the build tree. + * common/util.h (gnupg_set_builddir): New prototype. + * tests/openpgp/defs.scm (tools): Drop 'gpg and 'gpg-agent. + (tool): Rename to 'tool-hardcoded. + (gpg-conf): New function, with accessors for the results. + (gpg-components): New variable. + (tool): New function. + * tools/gpgconf.c (enum cmd_and_opt_values): New key. + (opts): New option '--build-prefix'. + (main): Handle new option. + + tests: Rework check for trust models. + + commit 55dc81125abc43cd3cc8db951fc3b8a81767942d + * tests/openpgp/defs.scm (gpg-has-option?): New function. + (have-opt-always-trust): Use a simpler test for that option. This way + that is less distracting when we run the tests with verbose=3. + +2016-12-14 Werner Koch <wk@gnupg.org> + + dirmngr: New configure option --disable-libdns. + + commit d34a2bb410c7c770d26430d69ff77bd83fc407f1 + * configure.ac: Add option --disable-libdns + (USE_LIBDNS): New ac_subst and am_conditional. + (USE_C99_CFLAGS): Set only if libdns is used. 
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ... + (dirmngr_SOURCES) [USE_LIBDNS0: here. + (t_common_src): Ditto. + * dirmngr/dirmngr.c (oRecursiveResolver): New constant. + (opts): New option "--recursive-resolver". + (parse_rereadable_options): Set option. + * dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver. + * dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the + new variables. + * dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined. + Also build and call dnslib functions only if USE_DNSLIB is defined. + (recursive_resolver): New var. + (enable_recursive_resolver): New func. + (recursive_resolver_p): New func. + + dirmngr: Implement CERT record lookup via libdns. + + commit 3c2a7918eac024b5e1258ea9b272b4e8a1f1af43 + * dirmngr/dns-stuff.c (get_dns_cert_libdns): New. + (get_dns_cert_standard): Fix URL malloc checking. + + dirmngr: Implement CNAME and SRV record lookup via libdns. + + commit 4c13e4e3debe0e55e86ae29c095f2d86eb0a6f11 + * dirmngr/dns-stuff.c (dns_free): New macro. + (libdns): Move var to the top. + (libdns_error_to_gpg_error): Map error codes to the new gpg-error + codes. + (resolve_name_libdns): Restructure code. + (getsrv_libdns): New. + (get_dns_cname_libdns): New. + + dirmngr: Fix bugs in the standard resolver code. + + commit 4a030f682ef48542ed324b28207f2c2b4847dbef + * dirmngr/dns-stuff.c: Include dirmngr-err.h to set the correct error + source. + (get_h_errno_as_gpg_error): New. + (get_dns_cert_libdns): Fix error code. + (getsrv_libdns): Add arg R_COUNT and return an error code. + (getsrv_standard): Ditto. Fix handling of res_query errors and + provide the correct size for the return buffer. + (getsrv): Adjust for changed worker functions. + (get_dns_cname_standard): Fix handling of res_query errors and provide + the correct size for the return buffer. + + dirmngr: Require a c99 compiler. 
+ + commit 392966aed9b2a5e1456c671e5d13b561a27e4bb2 + * configure.ac (USE_C99_CFLAGS): New ac_subst. Set to -std=gnu99 for + gcc. + * dirmngr/Makefile.am (AM_CFLAGS): Add USE_C99_CFLAGS. + (t_http_CFLAGS): Ditto. + (t_ldap_parse_uri_CFLAGS): Ditto. + (t_dns_stuff_CFLAGS): Ditto. + + doc: Add license notes for libdns. + + commit d84f5a88233c073a82fd47728574b001343784ee + * COPYING.other: New. + * Makefile.am (EXTRA_DIST): Add it. + * AUTHORS: Add info on libdns. + * build-aux/speedo/w32/pkg-copyright.txt: Add license terms. + + common: Add replacements for error codes from gpg-error 1.26. + + commit aae68a3ccd3d9870162b3ffd49eae08d5bf1b1e1 + + +2016-12-14 Justus Winter <justus@g10code.com> + + dirmngr: New libdns snapshot. + + commit f8ab2c4c70ad15c4b2e45492606fb94ddaccdac7 + + + dirmngr: Add basic libdns support. + + commit f6acd0426453d3a18536ca69d63baa0d971082ef + * dirmngr/dns.c: New file. + * dirmngr/dns.h: New file. + * dirmngr/Makefile.am (dirmngr_SOURCES): Add new files. + * dirmngr/dns-stuff.c: Include dns.h.xxx use libdns + (libdns): New global var for the libdns state. + (libdns_error_to_gpg_error): New. + (libdns_init): New. + (resolve_name_libdns): New. + (get_dns_cert_libdns): New stub. + (getsrv_libdns): New stub. + (get_dns_cname_libdns): New stub. + + dirmngr,build: Remove support for ADNS. + + commit 2e734a3ce159de8fb60df2bd5d454f98ca710717 + * autogen.rc: Remove '--with-adns' argument. + * configure.ac: Remove check for ADNS. + * dirmngr/dns-stuff.c: Remove all code that uses ADNS. + * dirmngr/server.c (cmd_getinfo): Update status line. + * doc/dirmngr.texi: Do not mention ADNS. + +2016-12-14 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Improve ntbtls support. + + commit 57aa42ce9b28bc17ac24491d595766fbf80762af + * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. + (send_request): Call ntbtls_set_transport. + (cookie_read, cookie_write): Implement. + (cookie_close): Add initial implementation for ntbtls. 
+ +2016-12-13 Justus Winter <justus@g10code.com> + + g10,sm: Spell out --passwd. + + commit c1c35fb887061de05661f3411eda97546e1a52d7 + * g10/gpg.c (opts): Spell out option. + * sm/gpgsm.c (opts): Likewise. + * doc/gpg.texi: Update accordingly. + * doc/gpgsm.texi: Likewise. + + g10: Spell out --gen-revoke. + + commit ec1bd3ae685e95563e38077ab3c1655fd55dea07 + * g10/gpg.c (opts): Spell out option. + * doc/gpg.texi: Update accordingly. + * po: Update translations. + + g10: Spell out --full-gen-key. + + commit 09163a6390bd9713f3a7946de739765b30ef6f64 + * g10/gpg.c (opts): Spell out option. + (main): Likewise. + * g10/keygen.c (generate_keypair): Likewise. + * doc/gpg.texi: Update accordingly. + + g10,sm: Spell out --gen-key. + + commit 892c827e72b1396e3b58e2f8869cc48328a2b59c + * g10/gpg.c (opts): Spell out option. + * sm/gpgsm.c (opts): Likewise. + * doc/gpg.texi: Update accordingly. + + g10,sm: Spell out --check-sigs. + + commit 9147737f1c6894f38b855f3cf38cd33122a1ae2a + * g10/gpg.c (opts): Spell out option. + * sm/gpgsm.c (opts): Likewise. + * doc/gpg.texi: Update accordingly. + + g10,sm: Spell out --list-sigs. + + commit a6d6e4afe488bc05ee730e85da6a9505c6cd245a + * g10/gpg.c (opts): Spell out option. + * sm/gpgsm.c (opts): Likewise. + * doc/gpg.texi: Update accordingly. + + g10: Hyphenate --clearsign. + + commit 04754ce3a704b1e6d38cb9a28dacf2821dc3f15f + * g10/gpg.c (opts): Hyphenate option. + * doc/gpg.texi: Update accordingly. + * po: Update translations. + * tests/openpgp: Update tests. + + g10: Spell out --recv-keys. + + commit ca598152345b40f3a236227dfc63ae04ddf777d7 + * g10/gpg.c (opts): Spell out option. + * doc/gpg.texi: Update accordingly. + + g10: Create expiring keys in quick key generation mode. + + commit dd3dde07a9a46130ac01d849f8edf0566e44f11f + * doc/gpg.texi: Document that fact. + * g10/keygen.c (quick_generate_keypair): Use a default value. + * tests/openpgp/quick-key-manipulation.scm: Test that fact. + + gpgscm: Print failed and skipped tests. 
+ + commit 429891a704057437517cb0b45d11392b40fa1ee8 + * tests/gpgscm/tests.scm (test-pool::report): Print failed and skipped + tests at the end. + + gpgscm: Generalize the test runner. + + commit d43dabf4607d3bcfc217eb9aea34d093f5aa698f + * tests/gpgscm/tests.scm (test::scm) Add explicit name argument. + (test::binary): Likewise. Also, add missing unquote. + * tests/openpgp/run-tests.scm: Adapt accordingly. + + gpgscm: Move the test runner to the Scheme library. + + commit 1a176b92a8aad42056ed2c4e1f49a5feb40770cf + * tests/openpgp/run-tests.scm: Move most of the code... + * tests/gpgscm/tests.scm: ... here. + + tests: Refactor test runner. + + commit fe36e63763c9c595bb057ac50160d2aff7c7a63f + * tests/openpgp/run-tests.scm (locate-test): New function. + (test): Factor-out the code starting the child process. + (test::binary): New function. + + gpgscm: Improve library functions. + + commit e3876f16eb237bdeb9f79aca2e7db5e9e2d86686 + * tests/gpgscm/tests.scm (absolute-path?): New function. + (canonical-path): Use the new function. + * tests/gpgscm/lib.scm (string-split-pln): New function. + (string-indexp, string-splitp): Likewise. + (string-splitn): Express using the above function. + (string-ltrim, string-rtrim): Fix corner case. + (list->string-reversed): New function. + (read-line): Fix performance. + +2016-12-12 Werner Koch <wk@gnupg.org> + + gpg: Fix memory leak in ecc key generation. + + commit 98433c70431dfbde99b0e89416856d1eef9ebc88 + * g10/keygen.c (ecckey_from_sexp): Release curve. + + gpg: Do not use a fixed string for --gpgconf-list:default_pubkey_algo. + + commit f1304ee9b21e6ceac6c13d04ceddd23fadb5c7f1 + * g10/keygen.c (get_default_pubkey_algo): New. + (parse_key_parameter_string): Use it. + * g10/gpg.c (gpgconf_list): Take value from new function. + + gpg: Fix algo string parsing of --quick-addkey. + + commit 522e6f798db9f3f3a9e0123fdc389a86ac69dedf + * g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1. 
+ (parse_key_parameter_part): Use default key size if only "rsa", "dsa", + or "elg" is given. + +2016-12-09 Justus Winter <justus@g10code.com> + + g10: Create keys that expire in simple key generation mode. + + commit d568a1561642ed9b7b7b6282b86c56786d10a956 + * g10/keygen.c (default_expiration_interval): New variable. + (generate_keypair): Use the new default. + + tests: Add a test for '--quick-addkey'. + + commit b778d8deedf344c8116362633925b8153c7f1bf1 + * tests/openpgp/quick-key-manipulation.scm: Test '--quick-addkey'. + + tests: New test using all available compression algorithms. + + commit 59f1562c25119a4fe27411e6350f2149d6147148 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/compression.scm: New file. + * tests/openpgp/defs.scm (all-compression-algos): New variable. + + g10: List compression algorithms using human-readable names. + + commit c8100fc0faadf8ba35e4df32b4760cc975e3a83d + * g10/gpg.c (list_config): List all enabled compression algorithms + under the key 'compressname'. + + g10: Fix memory leak. + + commit 3de9bad359e28ced4a2539e411d222ffd82a4a62 + * g10/sign.c (do_sign): Release old signature data. + +2016-12-08 Werner Koch <wk@gnupg.org> + + common: Skip the Byte Order Mark in conf files. + + commit 5c7d58222834793629a30248e72b6ea96e832dc4 + * common/argparse.c (optfile_parse): Detect and skip the UTF-8 BOM. + + Fix 2 compiler warnings. + + commit cb4c7abb774e2d95806d8b0ec6ea5cd130c1b5b8 + * dirmngr/loadswdb.c: Set ERR on malloc failure. + * g10/passphrase.c (passphrase_to_dek): Initialize all fields of + HELP_S2K. + + wks: New option --status-fd for gpg-wks-client. + + commit 4a04277ad112e0966296133795f93cf6a3daa48e + * tools/wks-util.c: Include status.h. + (statusfp): New global var. + (wks_set_status_fd): New func. + (wks_write_status): New func. + * tools/gpg-wks-client.c: Include status.h. + (oStatusFD): New constant. + (opts): New option --status-fd. + (parse_arguments): Handle that option. 
+ (main): Return STATUS_SUCCESS or STATUS_FAILURE. + +2016-12-08 Justus Winter <justus@g10code.com> + + gpgscm: Better error reporting. + + commit e7429b1ced0c69fa7901f888f8dc25f00fc346a4 + * tests/gpgscm/ffi.scm: Move the customized exception handling and + atexit logic... + * tests/gpgscm/init.scm: ... here. + (throw): Record the current history. + (throw'): New function that is history-aware. + (rethrow): New function. + (*error-hook*): Use the new throw'. + * tests/gpgscm/main.c (load): Fix error handling. + (main): Save and use the 'sc->retcode' as exit code. + * tests/gpgscm/repl.scm (repl): Print call history. + * tests/gpgscm/scheme.c (_Error_1): Make a snapshot of the history, + use it to provide a accurate location of the expression causing the + error at runtime, and hand the history trace to the '*error-hook*'. + (opexe_5): Tag all lists at parse time with the current location. + * tests/gpgscm/tests.scm: Update calls to 'throw', use 'rethrow'. + + gpgscm: Keep a history of calls for error messages. + + commit 404e8a4136bbbab39df7dd5119841e131998cc15 + * tests/gpgscm/init.scm (vm-history-print): New function. + * tests/gpgscm/opdefines.h: New opcodes 'CALLSTACK_POP', 'APPLY_CODE', + and 'VM_HISTORY'. + * tests/gpgscm/scheme-private.h (struct history): New definition. + (struct scheme): New field 'history'. + * tests/gpgscm/scheme.c (gc): Mark objects in the history. + (history_free): New function. + (history_init): Likewise. + (history_mark): Likewise. + (add_mod): New macro. + (sub_mod): Likewise. + (tailstack_clear): New function. + (callstack_pop): Likewise. + (callstack_push): Likewise. + (tailstack_push): Likewise. + (tailstack_flatten): Likewise. + (callstack_flatten): Likewise. + (history_flatten): Likewise. + (opexe_0): New variable 'callsite', keep track of the expression if it + is a call, implement the new opcodes, record function applications in + the history. + (opexe_6): Implement new opcode. 
+ (scheme_init_custom_alloc): Initialize history. + (scheme_deinit): Free history. + * tests/gpgscm/scheme.h (USE_HISTORY): New macro. + + gpgscm: Add flag TAIL_CONTEXT. + + commit 01256694f006405c54bc2adef63ef0c8f07da9ee + * tests/gpgscm/scheme.c (S_FLAG_TAIL_CONTEXT): New macro. This flag + indicates that the interpreter is evaluating an expression in a tail + context (see R5RS, section 3.5). + (opexe_0): Clear and set the flag according to the rules layed out in + R5RS, section 3.5. + (opexe_1): Likewise. + + gpgscm: Add flags to the interpreter. + + commit a4a69163d9d7e4d9f3339eb5cda0afb947180b26 + * tests/gpgscm/scheme-private.h (struct scheme): Add field 'flags'. + * tests/gpgscm/scheme.c (S_OP_MASK): New macro. + (S_FLAG_MASK, s_set_flag, s_clear_flag, s_get_flag): Likewise. + (_s_return): Unpack the encoded opcode and flags. + (s_save): Encode the flags along with the opcode. Use normal + integers to encode the result. + (scheme_init_custom_alloc): Initialize 'op' and 'flags'. + + gpgscm: Implement tags. + + commit fcf5aea44627def43425d03881e20902e7c0331e + * tests/gpgscm/opdefines.h: Add opcodes to create and retrieve tags. + * tests/gpgscm/scheme.c (T_TAGGED): New macro. + (mk_tagged_value): New function. + (has_tag): Likewise. + (get_tag): Likewise. + (mark): Mark tag. + (opexe_4): Implement new opcodes. + * tests/gpgscm/scheme.h (USE_TAGS): New macro. + +2016-12-08 Werner Koch <wk@gnupg.org> + + gpg: Fix the fix out-of-bounds access. + + commit a75790b74095828f967c012eff7033f570d93077 + * g10/tofu.c (build_conflict_set): Revert to int* and fix calloc. + + wks: New option --check for gpg-wks-client. + + commit d8c5e8ccfdb53cc327f7520fc7badc31d0c9c666 + * tools/call-dirmngr.c (wkd_get_key): New. + * tools/gpg-wks-client.c (aCheck): New constant. + (opts): New option "--check". + (main): Call command_check. + (command_check): New. + + tools: Move a function from gpg-wks-server to wks-util.c. 
+ + commit c3138decd77d788906885b638b344d0d1faf32c0 + * tools/gpg-wks-server.c (list_key_status_cb): Remove. + (list_key): Move to ... + * tools/wks-util.c (wks_list_key): here and rename. Add new args + R_FPR and R_MBOXES and remove the CTX. + (list_key_status_cb): New. + * tools/wks-util.c: Include ccparray.h, exectool.h, and mbox-util.h. + * tools/gpg-wks-server.c (process_new_key): Replace list_key by + wks_list_key. + (check_and_publish): Ditto. + +2016-12-08 Justus Winter <justus@g10code.com> + + gpgscm: Generalize 'for-each-p'. + + commit a2bedc8ac6fcdcd1de0a9fa3d540006481387dff + * tests/gpgscm/tests.scm (for-each-p): Generalize to N lists like + for-each. + (for-each-p'): Likewise. + + g10: Fix out-of-bounds access. + + commit 3b5b94ceab7c0ed9501c5cf54b4efa17fcd7300a + * g10/tofu.c (build_conflict_set): Use 'char'. + +2016-12-08 Werner Koch <wk@gnupg.org> + + tools: Fix use of uninitialized var in mime-maker. + + commit dd03667ab1062bba3b9413c3f8007d63302d1b31 + * tools/mime-maker.c (ensure_part): Make sure to set R_PARENT on + error. + (add_missing_headers): Ensure that ERR is set on success. + + * tools/wks-util.c (wks_parse_policy): Fix indentation. + + tools: Fix memleak in gpgconf. + + commit b265969154741bf9f93167699fe7ddda1d485265 + * tools/gpgconf.c (main): Free SOCKETDIR. + + gpg: Fix portability problem. + + commit c3008bffac68b6f31e9ae9bad837cdce5de7c0db + * g10/tofu.c (build_conflict_set): Replace variable dynamic array. + +2016-12-07 Justus Winter <justus@g10code.com> + + tests: Add test for '--quick-set-expire'. + + commit dec2ae31a46a0f41886c7ad228865cc573f2dea9 + * tests/openpgp/quick-key-manipulation.scm: Test '--quick-set-expire'. + + tests: Improve quick key manipulation test. + + commit 92df40a3a2ae471fbba00d6d7040230404931fd4 + * tests/openpgp/quick-key-manipulation.scm: Do not update the trust + database, rather be more specific when filtering the user ids. 
+ +2016-12-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + agent: Respect --enable-large-secmem. + + commit 8636ad5023a1bdc527add40a5508f8c5b7c35221 + * agent/gpg-agent.c (main): Initialize secmem to the configured buffer + size. + +2016-12-06 Justus Winter <justus@g10code.com> + + tests: Add test importing a revocation certificate. + + commit e352ead43fbb0180e1f1c71bf1a000d1954eb777 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/import-revocation-certificate.scm: New file. + * tests/openpgp/samplemsgs/revoke-2D727CC768697734.asc: Likewise. + + tests: Rename 'error' to 'fail'. + + commit 5b5d881f47c82f320abf440c20b7a1bac078a987 + * tests/gpgscm/tests.scm (error): Rename to 'fail'. 'error' is a + primitive function (an opcode) of the TinySCHEME vm, and 'error' is + also defined by R6RS. Better avoid redefining that. Fix all call + sites. + * tests/openpgp/4gb-packet.scm: Adapt. + * tests/openpgp/decrypt-multifile.scm: Likewise. + * tests/openpgp/ecc.scm: Likewise. + * tests/openpgp/export.scm: Likewise. + * tests/openpgp/gpgtar.scm: Likewise. + * tests/openpgp/gpgv-forged-keyring.scm: Likewise. + * tests/openpgp/import.scm: Likewise. + * tests/openpgp/issue2015.scm: Likewise. + * tests/openpgp/issue2346.scm: Likewise. + * tests/openpgp/issue2419.scm: Likewise. + * tests/openpgp/key-selection.scm: Likewise. + * tests/openpgp/mds.scm: Likewise. + * tests/openpgp/multisig.scm: Likewise. + * tests/openpgp/setup.scm: Likewise. + * tests/openpgp/signencrypt.scm: Likewise. + * tests/openpgp/ssh-import.scm: Likewise. + * tests/openpgp/tofu.scm: Likewise. + * tests/openpgp/verify.scm: Likewise. + + tests: Remove debugging display. + + commit 89ac071eb4c7539e98c7dc17e11f57c620b54e90 + * tests/openpgp/tofu.scm: Remove debugging display. + +2016-12-06 Neal H. Walfield <neal@g10code.com> + + tests: Update distributed files. 
+ + commit 87972fdef2cd853fb97624d0765686674a19e3c4 + * tests/openpgp/Makefile.am (TEST_FILES): Remove tofu-keys.asc, + tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and + tofu-EE37CF96-1.txt. Add tofu/conflicting/1C005AF3.gpg, + tofu/conflicting/1C005AF3-secret.gpg, tofu/conflicting/1C005AF3-1.txt, + tofu/conflicting/1C005AF3-2.txt, tofu/conflicting/1C005AF3-3.txt, + tofu/conflicting/1C005AF3-4.txt, tofu/conflicting/1C005AF3-5.txt, + tofu/conflicting/B662E42F.gpg, tofu/conflicting/B662E42F-secret.gpg, + tofu/conflicting/B662E42F-1.txt, tofu/conflicting/B662E42F-2.txt, + tofu/conflicting/B662E42F-3.txt, tofu/conflicting/B662E42F-4.txt, + tofu/conflicting/B662E42F-5.txt, tofu/conflicting/BE04EB2B.gpg, + tofu/conflicting/BE04EB2B-secret.gpg, tofu/conflicting/BE04EB2B-1.txt, + tofu/conflicting/BE04EB2B-2.txt, tofu/conflicting/BE04EB2B-3.txt, + tofu/conflicting/BE04EB2B-4.txt, tofu/conflicting/BE04EB2B-5.txt and + tofu/conflicting/README. + + doc: Improve the text in the gpg manual. + + commit 7572d270fcda1614648c6f08d711d5096ffebbe6 + * doc/gpg.texi: Improve the text. + + g10: Avoid a memory leak. + + commit 6102099985c1b82b6c0bba0464c1f913cc673e96 + * g10/gpg.c (main): Free KB when we're done with it. + + tests: Change (interactive-shell) to start an interactive shell. + + commit db6d8cfdc118131f497596ef1ffc121949377754 + * tests/gpgscm/tests.scm (interactive-shell): Start an interactive + shell. + + tests: Check the signature count in the TOFU TFS record. + + commit 17c717d7c92d9a52101fea7e396fc133322a8786 + * tests/openpgp/tofu.scm: Check the signature count in the TOFU TFS + record. + + tests: Replace data used by the TOFU conflict test. + + commit d5b18d6c55d65e8df2dd112651e3b9b3d9e6e27a + * tests/openpgp/tofu-2183839A-1.txt: Remove file. + * tests/openpgp/tofu-BC15C85A-1.txt: Remove file. + * tests/openpgp/tofu-EE37CF96-1.txt: Remove file. + * tests/openpgp/tofu-keys-secret.asc: Remove file. + * tests/openpgp/tofu-keys.asc: Remove file. 
+ * tests/openpgp/tofu/conflicting/1C005AF3.gpg: New file. + * tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg: New file. + * tests/openpgp/tofu/conflicting/1C005AF3-1.txt: New file. + * tests/openpgp/tofu/conflicting/1C005AF3-2.txt: New file. + * tests/openpgp/tofu/conflicting/1C005AF3-3.txt: New file. + * tests/openpgp/tofu/conflicting/1C005AF3-4.txt: New file. + * tests/openpgp/tofu/conflicting/1C005AF3-5.txt: New file. + * tests/openpgp/tofu/conflicting/B662E42F.gpg: New file. + * tests/openpgp/tofu/conflicting/B662E42F-secret.gpg: New file. + * tests/openpgp/tofu/conflicting/B662E42F-1.txt: New file. + * tests/openpgp/tofu/conflicting/B662E42F-2.txt: New file. + * tests/openpgp/tofu/conflicting/B662E42F-3.txt: New file. + * tests/openpgp/tofu/conflicting/B662E42F-4.txt: New file. + * tests/openpgp/tofu/conflicting/B662E42F-5.txt: New file. + * tests/openpgp/tofu/conflicting/BE04EB2B.gpg: New file. + * tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg: New file. + * tests/openpgp/tofu/conflicting/BE04EB2B-1.txt: New file. + * tests/openpgp/tofu/conflicting/BE04EB2B-2.txt: New file. + * tests/openpgp/tofu/conflicting/BE04EB2B-3.txt: New file. + * tests/openpgp/tofu/conflicting/BE04EB2B-4.txt: New file. + * tests/openpgp/tofu/conflicting/BE04EB2B-5.txt: New file. + * tests/openpgp/tofu/conflicting/README: New file. + * tests/openpgp/tofu.scm: Update accordingly. + + g10: Remove dead code. + + commit bd9ebe1404c1395edd0e029023a9e780c90f6d73 + * g10/tofu.c (tofu_set_policy_by_keyid): Remove function. + +2016-12-05 Werner Koch <wk@gnupg.org> + + gpg: New option --quick-set-expire. + + commit 41b3d0975de65d1654f5e37c626d7c9b7c9a7a4d + * g10/gpg.c (aQuickSetExpire): New. + (opts): New option --quick-set-expire. + (main): Implement option. + * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and + NEWEXPIRATION. Change semantics of the return value. Change caller. + (keyedit_quick_set_expire): New. 
+ +2016-12-05 Justus Winter <justus@g10code.com> + + tests: New test for '--enarmor' and '--dearmor'. + + commit fae4d06b0ccaa9803e0c0da56c327b0bcfffcac5 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/enarmor.scm: New file. + +2016-12-03 Werner Koch <wk@gnupg.org> + + gpg: Fix error code arg in ERRSIG status line. + + commit ef10c348bffc7dad19e1832bebc453755d209420 + * g10/mainproc.c (check_sig_and_print): Use gpg_err_code to return an + error code in ERRSIG. + +2016-12-02 Werner Koch <wk@gnupg.org> + + gpg: New option --default-new-key-algo. + + commit ce29272e24e7b718b8fca9b84bc728e65f3dea24 + * common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg + R_ALGO and change all callers. + * common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code. + * g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO. + * g10/gpg.c (oDefaultNewKeyAlgo): New enum. + (opts): New option "--default-new-key-algo". + (main): Set the option. + * g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace + them by ... + (DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants. + (get_keysize_range): Remove arg R_DEF and return that value instead. + Change all callers. + (gen_rsa): Use get_keysize_range instead of the removed + DEFAULT_STD_KEYSIZE. + (parse_key_parameter_part): New function. + (parse_key_parameter_string): New function. + (quick_generate_keypair): Refactor using parse_key_parameter_string. + (generate_keypair): Ditto. + (parse_algo_usage_expire): Ditto. + +2016-12-02 Neal H. Walfield <neal@g10code.com> + + g10: Improve debugging output. + + commit cd532bb7b866e104304e2443cc942799c385daa5 + * g10/tofu.c (string_to_long): Improve debugging output. + (string_to_ulong): Likewise. + +2016-12-01 Neal H. Walfield <neal@g10code.com> + + g10: In the TOFU module, make strings easier to translate. + + commit bd1a1d8582abcfd7f29812942fa70f88d0aec7cf + * g10/tofu.c: Remove dead code. 
+ (time_ago_str): Simplify implementation since we only want the most + significant unit. + (format_conflict_msg_part1): Use ngettext. + (ask_about_binding): Likewise and only emit full sentences. + (show_statistics): Likewise. + +2016-12-01 Werner Koch <wk@gnupg.org> + + dirmngr: Add option --standard-resolver. + + commit 304566d3327ef0a85188cce3109d46d5ff47177a + * dirmngr/dirmngr.c (oStandardResolver): New constant. + (opts): New option --standard-resolver. + (parse_rereadable_options): Set option. + * dirmngr/dns-stuff.c: Refactor all code to support the new option. + (standard_resolver): New var. + (enable_standard_resolver, standard_resolver_p): New func. + * dirmngr/http.c (connect_server): Remove USE_DNS_SRV build + conditional. + * dirmngr/ks-engine-hkp.c (map_host): Ditto. + * dirmngr/server.c (cmd_getinfo) <dnsinfo>: Take care of new option + * configure.ac (HAVE_ADNS_IF_TORMODE): Remove var ADNSLIB. ac_define + USE_ADNS in the adns checking code. Remove options --disable-dns-srv + and --disable-dns-cert. Always look for the system resolver. Print + warning if no system resolver was found. + (USE_DNS_CERT, USE_DNS_SRV): Remove ac_defines. + (HAVE_SYSTEM_RESOLVER): New ac_define. + (USE_DNS_SRV): Remove am_conditional; not used anyway. + + gpg: Let only Dirmngr decide whether CERT is supported. + + commit 86efc3ee53abaf1e22b53c1b360c51829e476115 + * g10/getkey.c (parse_auto_key_locate): Do not build parts depending + on USE_DNS_CERT. + +2016-12-01 Justus Winter <justus@g10code.com> + + tests,build: Fix distcheck. + + commit fbdfe6a514a95fb46f2b811a13709024e2baf252 + * tests/openpgp/Makefile.am (sample_msgs): Add messages required for + the new test 'verify-multifile.scm'. + + tests: Add test for '--verify --multifile'. + + commit 12af8e84a32df728462da09a00a8bec24a487720 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/verify-multifile.scm: New file. 
+ +2016-11-30 Justus Winter <justus@g10code.com> + + tests: Add test for '--encrypt --multifile'. + + commit 3c0569e99498c7470ebdb639b4c5ae829af92761 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/encrypt-multifile.scm: New file. + +2016-11-29 Werner Koch <wk@gnupg.org> + + agent,dirmngr: Tiny restructuring. + + commit aa6ab9e0bc67fe9ce5601047e84ea4a875e8eb64 + * agent/gpg-agent.c (handle_connections): Add a comment. + * dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening + socket to ... + (handle_connections): here. Add a comment why we keep the + listening socket open during a shutdown. + + agent,dirmngr: Handle corner case in shutdown mode. + + commit 854adc8ae19749e44cb79dfa0c5401f48012b13a + * agent/gpg-agent.c (handle_connections): Keep on selecting on the + inotify fd even when a shutdown is pending. + * dirmngr/dirmngr.c (handle_connections): Ditto. Also simplifyy the + use of the HAVE_INOTIFY_INIT cpp conditional. + + gpgsm: Allow decryption with a card returning a PKCS#1 stripped key. + + commit 8489b12211098ad58c008cfb74b5cb91849cf68d + * sm/decrypt.c (prepare_decryption): Handle a 16 byte session key. + + agent,w32: Initialize nPth in server mode. + + commit 81d6e98cdf4caa3aa92398fc3b8bed397b40f58d + * agent/gpg-agent.c (main) [W32]: Call initialize_modules in server + mode. + + gpg: Make --decrypt with output '-&nnnn' work. + + commit a5910e00ace882b8a17169faf4607163ab454af9 + * g10/plaintext.c (get_output_file): Check and open special filename + before falling back to stdout. + + gpg,sm: Merge the two versions of check_special_filename. + + commit 60b4982836a00ef6b2a97d16f735b3f6b74dce62 + * sm/gpgsm.c (check_special_filename): Move to .. + * common/sysutils.c (check_special_filename): here. Add arg + NOTRANSLATE. + (allow_special_filenames): New local var. + (enable_special_filenames): New public functions. + * sm/gpgsm.c (allow_special_filenames): Remove var. 
+ (main): Call enable_special_filenames instead of setting the var. + (open_read, open_es_fread, open_es_fwrite): Call + check_special_filename with 0 for NOTRANSLATE. + * common/iobuf.c (special_names_enabled): Remove var. + (iobuf_enable_special_filenames): Remove func. + (check_special_filename): Remove func. + (iobuf_is_pipe_filename): Call new version of the function with + NOTRANSLATE set. + (do_open): Ditto. + * g10/gpg.c (main): Call enable_special_filenames instead of + iobuf_enable_special_filenames. + * g10/gpgv.c (main): Ditto. + +2016-11-29 Justus Winter <justus@g10code.com> + + g10: Fix memory leak. + + commit 52385a2ba1bf7e53f500ffde5fd34f28e69cf76b + * g10/decrypt.c (decrypt_messages): Properly decrease the reference + count of the armor filters after pushing them. + + tools,build: Build WKS tools against libintl. + + commit 9fb5e9c14557f7567cbc7c50b9881b7d7bfa2f12 + * tools/Makefile.am (gpg_wks_server_LDADD): Link against libintl. + (gpg_wks_client_LDADD): Likewise. + +2016-11-29 Neal H. Walfield <neal@g10code.com> + + Improve some comments. + + commit 522f74f7e377135cf098b6b0b9b35284c1dfc963 + + + g10: Extend TOFU_STATS to always show the validity. + + commit 2f27cb12e30c9f6e780354eecc3ff0039ed52c63 + * doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY. Add + a new field called VALIDITY. + * g10/tofu.c (write_stats_status): Update output accordingly. + +2016-11-29 Justus Winter <justus@g10code.com> + + tests: Add test for '--decrypt --multifile'. + + commit bde4fddadc75ad6071e3fc6c0980905de14c03cb + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/decrypt-multifile.scm: New file. + + gpgscm: Avoid truncating pointers. + + commit e062bc4da8062b822ee85096d9adfcbca8dcb56a + * tests/gpgscm/scheme.c (_alloc_cellseg): Avoid truncating pointers on + systems where sizeof(unsigned long) < sizeof(void *). + +2016-11-29 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + dirmngr: Lazily launch ldap reaper thread. 
+ + commit f6728d13e8e544dbd4b9351ed981613e5504293f + * dirmngr/dirmngr.c (main): Avoid calling ldap_wrapper_launch_thread() + Before we need it. + * dirmngr/ldap-wrapper.c (ldap_wrapper): Call + ldap_wrapper_launch_thread() just in time (before any attempt to use + an ldap subprocess). + +2016-11-29 Werner Koch <wk@gnupg.org> + + build: Remove more keywords from the generated ChangeLog. + + commit ecc126a7cef371e3b88e65715ba37fb77e92ea0f + * build-aux/gitlog-to-changelog (parse_amend_file): Generalize keyword + removal. + +2016-11-28 Justus Winter <justus@g10code.com> + + tests: Add test for the ssh key export. + + commit 47b8b9e2ce5af7fba117ae0b00e10bec414dcfb0 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + (sample_keys): Add new files. + * tests/openpgp/samplekeys/authenticate-only.pub.asc: New file. + * tests/openpgp/samplekeys/authenticate-only.sec.asc: Likewise. + * tests/openpgp/ssh-export.scm: Likewise. + + g10: Fix iteration over getkey results. + + commit 4db9a425644dccaf81b51ebc97b32a9cc21941a4 + * g10/getkey.c (getkey_next): Only ask 'lookup' for the exact match if + our caller requested the key. Fixes a crash in 'lookup'. + + tests: Rename ssh test. + + commit cc1d21342659a7def5d662d0547579f9e0d3b109 + * tests/openpgp/ssh.scm: Rename to 'ssh-import.scm'. + * tests/openpgp/Makefile (XTESTS): Likewise. + +2016-11-25 NIIBE Yutaka <gniibe@fsij.org> + + scd: Support OpenPGP card V3 for RSA. + + commit b89e63e5c326af71470124b410e6429cbd2b5c43 + * scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and + max_rsp_data fields as Extended Capabilities bits are different. + (get_cached_data) Use extcap.max_certlen_3. + (get_one_do): Don't use exmode=1. + (determine_rsa_response): New. + (get_public_key, do_genkey): Call determine_rsa_response. + (do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data. + (do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data. + (do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8. 
+ (show_caps): Remove max_cmd_data and max_rsp_data. + (app_select_openpgp): Likewise. + +2016-11-23 Justus Winter <justus@g10code.com> + + gpgscm: Make 'reverse' compatible with 'reverse_in_place'. + + commit 005d326d19ba28005182205f25edc4f7499ec0b5 + * tests/gpgscm/scheme.c (reverse): Update prototype, add terminator + argument. + (opexe_4): Update callsite. + + gpgscm: Clean sweeped cells. + + commit 3fb9954c43425775a517060959dad01fa00238f7 + * tests/gpgscm/scheme.c (gc): Zero typeflag and car of free cells. + + gpgscm: Fix initialization of 'sink'. + + commit 7856e3efaad7614979bc0b91379a0a4dcbc739d5 + * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Also initialize + cdr. + +2016-11-23 Neal H. Walfield <neal@g10code.com> + + g10: Avoid gratuitously loading a keyblock when it is already available. + + commit 03a65a53231cc3132a50a1871e81a512c44da169 + * g10/trust.c (get_validity): Add new, optional parameter KB. Only + load the keyblock if KB is NULL. Update callers. + (get_validity): Likewise. + * g10/trustdb.c (tdb_get_validity_core): Likewise. + +2016-11-22 Neal H. Walfield <neal@g10code.com> + + g10: Use es_fopen instead of open. + + commit bfeafe2d3f9bbaa7f11f3ad870a446141c038b0d + * g10/tofu.c: Don't include <utime.h>, <fcntl.h> or <unistd.h>. + (busy_handler): Replace use of open with es_fopen. + + g10: If the set of UTKs changes, invalidate any changed policies. + + commit 44c17bcb003a3330f595a6ab144e8439b7b630cb + * g10/trustdb.c (tdb_utks): New function. + * g10/tofu.c (check_utks): New function. + (initdb): Call it. + * tests/openpgp/tofu.scm: Modify test to check the effective policy of + keys whose effective policy changes when we change the set of UTKs. + +2016-11-22 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix receive buffer size. + + commit 5c2db9dedfe9dbb14ffec24751ca23a69cead94e + * scd/apdu.c (send_le): Fix the size, adding two for status + bytes to Le. + +2016-11-22 Justus Winter <justus@g10code.com> + + gpgscm: Refactor. 
+ + commit a3b258d1d15953816e0567511ecc527a4ccdd626 + * tests/gpgscm/scheme.c (opexe_0): Reduce code duplication. + + gpgscm: Fix property lists. + + commit d8df80427238cdbb9ae0f6dae8bc7e9c24f6e265 + * tests/gpgscm/opdefines.h (put, get): Check arguments. Also rename + to 'set-symbol-property' and 'symbol-property', the names used by + Guile, because put and get are too unspecific. + * tests/gpgscm/scheme.c (hasprop): Only symbols have property lists. + (get_property): New function. + (set_property): Likewise. + (opexe_4): Use the new functions. + + gpgscm: Fix installation of error handler. + + commit 7b4e2ea274ace22245264f1759279390d0300a62 + * tests/gpgscm/ffi.scm: Set '*error-hook*' again so that the + interpreter will use our function. + + gpgscm: Use a static pool of cells for small integers. + + commit 66834eb838a8892d088f6b7332084a64d9f15008 + * tests/gpgscm/scheme-private.h (struct scheme): New fields for the + static integer cells. + * tests/gpgscm/scheme.c (_alloc_cellseg): New function. + (alloc_cellseg): Use the new function. + (MAX_SMALL_INTEGER): New macro. + (initialize_small_integers): New function. + (mk_small_integer): Likewise. + (mk_integer): Return a small integer if possible. + (_s_return): Do not free 'op' if it is a small integer. + (s_save): Use a small integer to box the opcode. + (scheme_init_custom_alloc): Initialize small integers. + (scheme_deinit): Free chunk of small integers. + * tests/gpgscm/scheme.h (USE_SMALL_INTEGERS): New macro. + + tests: Delay querying the avaliable algorithms. + + commit 893a3f7fb46021961914a8acdf1292a80e3eba93 + * tests/openpgp/defs.scm: Set verbosity earlier, turn 'all-*-algos' + into promises. + * tests/openpgp/conventional-mdc.scm: Force the promises. + * tests/openpgp/conventional.scm: Likewise. + * tests/openpgp/encrypt-dsa.scm: Likewise. + * tests/openpgp/encrypt.scm: Likewise. + * tests/openpgp/gpgtar.scm: Likewise. + * tests/openpgp/sigs.scm: Likewise. + + g10: Fix memory leak. 
+ + commit 6ce14a805f1da687dfb8535db57730d5c7403db7 + * g10/tofu.c (tofu_notice_key_changed): Remove spurious duplicate call + to 'hexfingerprint'. + +2016-11-21 Neal H. Walfield <neal@g10code.com> + + g10: Cache the effective policy. Recompute it when required. + + commit 037f9de09298a31026ea2ab5fbd4a599b11cc34f + * g10/tofu.c (initdb): Add column effective_policy to the bindings + table. + (record_binding): New parameters effective_policy and set_conflict. + Save the effective policy. If SET_CONFLICT is set, then set conflict + according to CONFLICT. Otherwise, preserve the current value of + conflict. Update callers. + (get_trust): Don't compute the effective policy here... + (get_policy): ... do it here, if it was not cached. Take new + parameters, PK, the public key, and NOW, the time that the operation + started. Update callers. + (show_statistics): New parameter PK. Pass it to get_policy. Update + callers. + (tofu_notice_key_changed): New function. + * g10/gpgv.c (tofu_notice_key_changed): New stub. + * g10/import.c (import_revoke_cert): Take additional argument CTRL. + Pass it to keydb_update_keyblock. + * g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL. + Update callers. + [USE_TOFU]: Call tofu_notice_key_changed. + * g10/test-stubs.c (tofu_notice_key_changed): New stub. + * tests/openpgp/tofu.scm: Assume that manually setting a binding's + policy to auto does not cause the tofu engine to forget about any + conflict. + + g10: Correctly parameterize ngettext. + + commit 182efc5b5d20ac0d43501a22f349a23dc06a27a4 + * g10/tofu.c (ask_about_binding): Correctly parameterize ngettext. + + g10: Don't use the same variable for multiple SQL compiled statements. + + commit 7142b293c870d73ce0146bfb90e6a556e0079650 + * g10/tofu.c (struct tofu_dbs_s): Remove unused field + record_binding_update2. Replace register_insert with + register_signature and register_encryption. 
+ (tofu_register_signature): Don't use dbs->s.register_insert, but + dbs->s.register_signature. + (tofu_register_encryption): Don't use dbs->s.register_insert, but + dbs->s.register_encryption. + + g10: Add a convenience function for checking if a key is a primary key. + + commit 91a0483c5db8ee4510981448a705981ee1cce199 + * g10/keydb.h (pk_is_primary): New function. + * g10/tofu.c (get_trust): Use it. + (tofu_register_signature): Likewise. + (tofu_register_encryption): Likewise. + (tofu_set_policy): Likewise. + (tofu_get_policy): Likewise. + +2016-11-21 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + doc: Ship example gpg-agent-browser.socket in examples/systemd-user/. + + commit 0540cfbee455b197edd89b602a4b47ebf0be8588 + * doc/Makefile.am: Ship gpg-agent-browser.socket alongside the other + systemd user service example files. + +2016-11-21 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix npth + daemon mode problem. + + commit 9a707a223a3d45ccf245dee7989ca144e4e6bb49 + * agent/gpg-agent.c (main): Remove duplicated initialization in daemon + mode. + +2016-11-18 Werner Koch <wk@gnupg.org> + + Release 2.1.16. + + commit 0a641ad25d8c3b91dc32bb9f3f1ae49ae539a4f7 + + +2016-11-18 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 11aaa9c6d4ed3e47de45b4aee925ab1065120988 + + +2016-11-18 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix flags to open for lock of ToFU. + + commit 1c0b140cccfb884c6d07785c3284b9df06dccd3c + * g10/tofu.c (busy_handler): Fix the flags and utime is not needed. + +2016-11-18 Werner Koch <wk@gnupg.org> + + dirmngr: Use a longer timer tick interval. + + commit 833eef974ad4721b9b3e247bae9c890476a936ce + * dirmngr/dirmngr.c (TIMERTICK_INTERVAL): Always use 60 seconds like + we did for WindowsCE. + +2016-11-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + dirmngr: More w32 system daemon cleanup. 
+ + commit b3a917201207898059c048dd101344765201b03c + * dirmngr/dirmngr.c (handle_tick): Remove w32 tests for + shutdown_pending; no longer needed. + +2016-11-18 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix creating a lock for ToFU. + + commit b2e1b17efa952afcf7aeec8b15e9d0088dba587a + * g10/tofu.c (busy_handler): Add third argument which is mandatory for + O_CREATE flag. + + scd: Don't limit to ST-2xxx for PC/SC. + + commit b6066ab18a67195817babaf9eccf896c2b3c7b0e + * scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID. + +2016-11-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + dirmngr: Use a default keyserver if none is explicitly set. + + commit 8fb482252436b3b4b0b33663d95d1d17188ad1d9 + * configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER. + * dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set. + * doc/dirmngr.texi: Document this behavior. + + dirmngr: Add system CAs if no hkp-cacert is given. + + commit 7c1613d41566f7d8db116790087de323621205fe + * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to + the HKPS pool, and they have not specified any hkp-cacert, then we + should default to the system CAs, rather than nothing. + * doc/dirmngr.texi: Document choice of CAs. + + dirmngr: Register hkp-cacert even if the file doesn't exist yet. + + commit c4e02a3b7ad6ee1da6bfc439921378bdbd5c029c + * dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn + an argument for hkp-cacert into an absolute filename, terminate + completely. + * dirmngr/http.c (http_register_tls_ca): Show a warning if file is not + immediately accessible, but register it anyway. + +2016-11-17 Justus Winter <justus@g10code.com> + + gpgscm: Re-enable the garbage collector in case of errors. + + commit 4f189325a409bb08f7a8eabfac3f4579288cf5c5 + * tests/gpgscm/scheme.c (opexe_0): Enable gc before calling 'Error_1'. + + gpgscm: Fix string. + + commit fc53a4d06eaf891143ab4efec9caffe31ebc2bc0 + * tests/gpgscm/scheme.c (type_to_string): Fix string. 
+ +2016-11-17 Werner Koch <wk@gnupg.org> + + dirmngr: Auto-sownload the swdb.lst. + + commit bd91f92ace09263e3a91177f2a1644379baeb08a + * dirmngr/dirmngr.h (struct opt): Add field allow_version_check. + * dirmngr/dirmngr.c (oAllowVersionCheck): New. + (opts): Add --allow-version-check. + (network_activity_seen): New variable. + (parse_rereadable_options): Set opt.allow_version_check. + (main) <aGPGConfList>: Do not anymore set the no change flag for + Windows. Add allow-version-check. + (netactivity_action): Set network_activity_seen. + (housekeeping_thread): Call dirmngr_load_swdb. + * tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check. + Make "use-tor" available at Basic level. + + dirmngr: Improve downloading of swdb.lst. + + commit c45ca316a54665915ae08399484db271566db7c0 + * dirmngr/loadswdb.c (time_of_saved_swdb): Aslo return the "verified" + timestamp. + (dirmngr_load_swdb): Avoid unnecessary disk or network access witout + FORCE. Do not update swdb.lst if it did not change. + + gpgconf: Change the displayed names of the components. + + commit d8da5bc50b856db3445435780311c9f8e52a5144 + + +2016-11-16 Werner Koch <wk@gnupg.org> + + dirmngr: Add command to only load the swdb. + + commit 52c10a280af6ce06eb1732ff35b095f2b8d24b9f + * dirmngr/loadswdb.c: New. + * dirmngr/Makefile.am (dirmngr_SOURCES): Add that file. + * dirmngr/server.c: Remove includes cpparray.h and exectool.h. + (cmd_loadswdb): New. + (parse_version_number,parse_version_string): Remove. + (my_mktmpdir, cmp_version): Remove. + (fetch_into_tmpdir): Remove. + (struct verify_swdb_parm_s): Remove. + (verify_swdb_status_cb): Remove. + (cmd_versioncheck): Remove. + (register_commands): Register LOADSWDB. Remove VERSIONCHECK. + + scd,dirmngr: Keep the standard fds when daemonizing. + + commit 4839e6d002a8ad1f7d3260792c3c9641e258f342 + * dirmngr/dirmngr.c (main): Before calling setsid do not close the + standard fds but connect them to /dev/null. + * scd/scdaemon.c (main): Ditto. 
Noet that the old test for a log + stream was even reverted. + + common: Rename keybox_file_rename to gnupg_rename_file. + + commit c4506a3f15bba5d257cb4c6738800c5e00ecc9a2 + * kbx/keybox-util.c (keybox_file_rename): Rename to ... + * common/sysutils.c (gnupg_rename_file): this. Change all callers. + + wks: Always build gpg-wks-client. + + commit c564790df723beef031d83802bd7830737bd330a + * tools/Makefile.am (gpg_wks_client): Remove macro. + (libexec_PROGRAMS): Add gpg-wks-client. + + gpg: New option --override-session-key-fd. + + commit 43bfaf2c5417ede621c0a07721952ea549a7a139 + * g10/gpg.c (oOverrideSessionKeyFD): New. + (opts): Add option --override-session-key-fd. + (main): Handle that option. + (read_sessionkey_from_fd): New. + +2016-11-15 Werner Koch <wk@gnupg.org> + + gpgv: New option --enable-special-filenames. + + commit 500e594c2da530e69a63fc1a40d173458682fa0e + * g10/gpgv.c (oEnableSpecialFilenames): New. + (opts): Add option --enable-special-filenames. + (main): Implement that option. + + gpg: Add new compliance mode "de-vs". + + commit b47603a0ac24902c5bb000f8ef27cfb99aceeb81 + * g10/options.h (CO_DE_VS): New. + (GNUPG): Also allow CO_DE_VS. + * g10/gpg.c (oDE_VS): New. + (parse_compliance_option): Add "de-vs". + (set_compliance_option): Set "de-vs". + * g10/misc.c (compliance_option_string): Return a description string. + (compliance_failure): Ditto. + * g10/keygen.c (ask_algo): Take care of CO_DE_VS. + (get_keysize_range): Ditto. + (ask_curve): Add new field to CURVES and trun flags into bit flags. + Allow only Brainpool curves in CO_DE_VS mode. + + gpg: Use usual free semantics for packet structure free functions. + + commit 8ea3b4c4102dc67ed83d4419b7171e422fc01047 + * g10/free-packet.c (free_attributes): Turn function into a nop for a + NULL arg. + (free_user_id): Ditto. + (free_compressed): Ditto. + (free_encrypted): Ditto. + (free_plaintext): Ditto. + (release_public_key_parts): Avoid extra check for NULL. 
+ * g10/getkey.c (get_best_pubkey_byname): Ditto. + +2016-11-15 Justus Winter <justus@g10code.com> + + g10: Optimize key iteration. + + commit 12834e84aca9d74800245f0f2f2e6b5123e76173 + * g10/getkey.c (get_best_pubkey_byname): Use the node returned by + 'getkey_next' instead of doing another lookup. + + g10: Fix memory leak. + + commit d20107f6da094edd782947abb357abae5129a12c + * g10/getkey.c (finish_lookup): Clarify that we do not return a + reference. + (lookup): Clarify the relation between RET_KEYBLOCK and RET_FOUND_KEY. + Check arguments. Actually release the node if it is not returned. + + g10: Fix iteration over getkey results. + + commit 1d03cc77e1706f7da653153ad4b58c61e4fd2573 + * g10/getkey.c (getkey_next): Fix invocation of 'lookup'. If we want + to use RET_FOUND_KEY, RET_KEYBLOCK must be valid. + + g10: Fix use-after-free. + + commit bd60742925414e0ef2a497df827c1913ea211a44 + * g10/getkey.c (pubkey_cmp): Make a copy of the user id. + (get_best_pubkey_byname): Free the user ids. + +2016-11-15 Werner Koch <wk@gnupg.org> + + sm: New stub option --compliance. + + commit 26c7c1d72c5f2acb3edb58d610c09a635c87bdbf + * sm/gpgsm.c (oCompliance): New. + (opts): Add "--compliance". + (main): Implement as stub. + +2016-11-15 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix memory leak. + + commit 1f7639ebbe58af1b581b0be7809da9ee55482992 + * g10/keyedit.c (menu_adduid): Don't copy 'sig'. + +2016-11-15 Werner Koch <wk@gnupg.org> + + gpg: New option --compliance. + + commit f86b1a15ad4bb7bcc1e9f7d209aabcb23641f7df + * g10/gpg.c (oCompliance): New. + (opts): Add "--compliance". + (parse_tofu_policy): Use a generic description string for "help". + (parse_compliance_option): New. + (main): Add option oCompliance. Factor out code for compliance + setting to ... + (set_compliance_option): new. + +2016-11-15 Justus Winter <justus@g10code.com> + + g10: Fix memory leak. + + commit 809d67e74014cb563efd965744fd11f87bbae743 + * g10/keyedit.c (menu_adduid): Deallocate 'sig'. 
+ + gpgscm: Mark cells requiring finalization. + + commit 64a58e23c38db8658423bbe26fcd650330e24a88 + * tests/gpgscm/scheme.c (T_FINALIZE): New macro. + (mk_port): Use the new macro. + (mk_foreign_object): Likewise. + (mk_counted_string): Likewise. + (mk_empty_string): Likewise. + (gc): Only call 'finalize_cell' for cells with the new flag. + + gpgscm: Recover more cells. + + commit 93cc322ac06d3045a24aece90091f7f80f3dacb8 + * tests/gpgscm/scheme.c (_s_return): Recover the cell holding the + opcode. + +2016-11-14 Justus Winter <justus@g10code.com> + + g10: Fix memory leak. + + commit 2cd281c4def1ea881b92b9aba18c1892f89c1870 + * g10/mainproc.c (check_sig_and_print): Free 'pk'. + + gpgscm: Avoid cell allocation overhead. + + commit 83c184a66b73f312425b01008f0495610e5329a4 + * tests/gpgscm/scheme-private.h (struct scheme): New fields + 'inhibit_gc', 'reserved_cells', and 'reserved_lineno'. + * tests/gpgscm/scheme.c (GC_ENABLED): New macro. + (USE_GC_LOCKING): Likewise. + (gc_reservations): Likewise. + (gc_reservation_failure): New function. + (_gc_disable): Likewise. + (gc_disable): New macro. + (gc_enable): Likewise. + (gc_enabled): Likewise. + (gc_consume): Likewise. + (get_cell_x): Consume reserved cell if garbage collection is disabled. + (_get_cell): Assert that gc is enabled. + (get_cell): Only record cell in the list of recently allocated cells + if gc is enabled. + (get_vector_object): Likewise. + (gc): Assert that gc is enabled. + (s_return): Add comment, adjust call to '_s_return'. + (s_return_enable_gc): New macro. + (_s_return): Add flag 'enable_gc' and re-enable gc if set. + (oblist_add_by_name): Use the new facilities to protect the + allocations. + (new_frame_in_env): Likewise. + (new_slot_spec_in_env): Likewise. + (s_save): Likewise. + (opexe_0): Likewise. + (opexe_1): Likewise. + (opexe_2): Likewise. + (opexe_5): Likewise. + (opexe_6): Likewise. + (scheme_init_custom_alloc): Initialize the new fields. 
+ +2016-11-14 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix status info encoding. + + commit 4ee4d0b02172cf56d9582bb99e32a65c75315b25 + * scd/command.c (send_status_info): Do percent plus encoding correctly. + +2016-11-12 Werner Koch <wk@gnupg.org> + + agent: Improve concurrency when Libgcrypt 1.8 is used. + + commit 6bf698197222bf6081c249c815aebb075e8ec820 + * agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the + system call clamp. + (agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent + enough. + +2016-11-11 Werner Koch <wk@gnupg.org> + + agent: Kludge to mitigate blocking calls in Libgcrypt. + + commit 4473db1ef24031ff4e26c9a9de95dbe898ed2b97 + * agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on + "need_entropy". + + dirmngr: Prepare to trigger jobs by network activity. + + commit 7b04a43c05834b937b32a596f1941e9728add5fa + * dirmngr/http.c (netactivity_cb): New. + (http_register_netactivity_cb): New. + (notify_netactivity): New. + (connect_server): Call that function. + * dirmngr/dirmngr.c (main): Call http_register_netactivity_cb. + (netactivity_action): New stub handler. + +2016-11-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + agent: Clean up comments. + + commit e51912f467fda963c7abcfcd4082d6eb084ba5be + * agent/agent.h: Clean up comments. + +2016-11-10 Werner Koch <wk@gnupg.org> + + gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource. + + commit 5d13581f4737c18430f6572dd4ef486d1ad80dd1 + * g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED + file-global. Write a STATUS_ERROR. + (maybe_create_keyring_or_box): Check for non-accessible but existant + file. + (keydb_search): Write a STATUS_ERROR if no keyring has been registered + but continue to return NOT_FOUND. + * sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED + and make file-global. Write a STATUS_ERROR. + (keydb_search): Write a STATUS_ERROR if no keyring has been registered + but continue to return NOT_FOUND. 
Also add new arg CTRL and change + all callers to pass it down. + + sm: Remove unused arg SECRET from keydb functions. + + commit c8044c6e335f044d7386b9e8869bc4a0d3adff70 + * sm/keydb.c (struct resource_item): Remove field 'secret'. + (keydb_add_resource): Remove arg 'secret' and change all callers. + (keydb_new): Ditto. + +2016-11-10 Justus Winter <justus@g10code.com> + + gpgscm: Recover cells from the list of recently allocated cells. + + commit ee08677d63a900cea85228024861a4f5c5a87c69 + * tests/gpgscm/scheme.c (ok_to_freely_gc): Recover cells. + + gpgscm: Recover cells used to maintain interpreter state. + + commit e0cbd3389e2dd6ec19ee3a4c7bad81fa0f1907f5 + * tests/gpgscm/scheme.c (free_cell): New function. + (free_cons): Likewise. + (_s_return): Use the new function to recover cells used to save the + state of the interpreter in 's_save'. This reduces the need to do a + garbage collection considerably. + + gpgscm: Reduce opcode dispatch overhead. + + commit d3a98ff5bc972a4c9b01b9e5338a4a59b5b4ac48 + * tests/gpgscm/scheme.c (s_thread_to): New macro. + (CASE): Likewise. + (opexe_[0-6]): Use 'CASE' instead of 'case' statements, replace + 's_goto' with 's_thread_to' where applicable. + + gpgscm: Make the compile-hook configurable. + + commit 568cfcde45a0d6c456d8f8be1ea0e408416badad + * tests/gpgscm/scheme-private.h (struct scheme): Make field + 'COMPILE_HOOK' optional. + * tests/gpgscm/scheme.c (opexe_0): Fix guard. + (scheme_init_custom_alloc): Conditionally initialize 'COMPILE_HOOK'. + * tests/gpgscm/scheme.h (USE_COMPILE_HOOK): Define to 1 by default. + + gpgscm: Drop obsolete commented-out code. + + commit 9ee184bc0afaea06785d836ed175b851b9ae532f + * tests/gpgscm/scheme.c (opexe_5): Drop obsolete code. + + gpgscm: Remove dubious stack implementation. + + commit d7c5799c282a03dcce0e3d327075233353cb76cc + * tests/gpgscm/scheme-private.h (struct scheme): Remove related fields. + * tests/gpgscm/scheme.c: Drop all !USE_SCHEME_STACK code. 
+ * tests/gpgscm/scheme.h (USE_SCHEME_STACK): Remove macro. + +2016-11-10 Werner Koch <wk@gnupg.org> + + gpg: Improve error message for --quick-gen-key. + + commit 088d955bd8a6ec8bbf76c8a4c01eb08499d1d9fa + * g10/keygen.c (parse_algo_usage_expire): Use a different error + message for an unknown algorithm name. + + dirmngr: Improve concurrency in the non-adns case. + + commit c7ea98cd3d44abf00e32c081e5049ad1d0b1f12c + * dirmngr/dns-stuff.c (map_adns_status_to_gpg_error): New. + (resolve_name_adns, get_dns_cert, get_dns_cname): Use that function. + (getsrv) [!USE_ADNS]: Call res_query outside of nPth. + +2016-11-08 Justus Winter <justus@g10code.com> + + tests: Fix environment setup. + + commit 1062953d5132af674aacfc6372e3e9f066c5d145 + * tests/openpgp/defs.scm (setup-legacy-environment): Do not call + 'setup-environment' because that will start the agent, and hence + register the atexit function twice. + + Fixes: a55393cb5f4b331cb3a715c7d9a8b91f7606f337 + + tests: Log and display output from tests when run in parallel. + + commit 2a7615c48ed79e6b28710cc293ce30c812b2e5b0 + * tests/openpgp/run-tests.scm (test): Add field 'logfd'. + (test::new, test::set-*): Adapt accordingly. + (test::set-logfd): New function. + (test::open-log-file): Likewise. + (test::run-sync): Use the new function. + (test::run-async): Likewise. + (test::report): Replay the log. + (run-tests-parallel): Reverse the results to restore the original + order. + + tests: Simplify test. + + commit 4dd4801bfa4c3f7ba279b3d171a8ed299dbffaaa + * tests/openpgp/issue2417.scm: Simplify. + + gpgscm: Expose seek and associated constants. + + commit 591d61d80f4f81176f7e236df794922df9e001a1 + * tests/gpgscm/ffi.c (do_seek): New function. + (ffi_init): Expose 'seek' and 'SEEK_{SET,CUR,END}'. + * tests/gpgscm/lib.scm: Document the new function. + + gpgscm: Fix error message. + + commit d4454837cd60981c2863955b11c9e1cc8f9e3833 + * tests/gpgscm/ffi.c (do_wait_processes): Fix and improve error + messages. 
+ + tests,w32: Make cleanup more robust. + + commit dd13b2a561e31045fd3d3576bab99543cd4eb6cc + * tests/openpgp/run-tests.scm (run-tests-parallel): Catch errors when + removing the working directory. On Windows this can fail if there is + still a process using one of the files there. + (run-tests-sequential): Likewise. + + common,w32: Simplify locking. + + commit 7cbb0803847b8db618d39ff50ae6015e409ab1ae + * common/asshelp.c (lock_spawning): Use the same code on Windows that + we use on all other platforms. + (unlock_spawning): Likewise. + +2016-11-07 Justus Winter <justus@g10code.com> + + tests: Write a log file for each test. + + commit 26df829fa22f027ca4a5eaf155cdaa2123afbdd5 + * tests/openpgp/Makefile.am (CLEANFILES): Delete logs. + * tests/openpgp/run-tests.scm (test::run-sync): Write logs. + + gpgscm: Generalize splice to write to multiple sinks. + + commit abe0cc7a21d2b0b5c77cc525b999d1ede2d29185 + * tests/gpgscm/ffi.c (ordinal_suffix): New function. + (do_splice): Generalize splice to write to multiple sinks. + * tests/gpgscm/lib.scm (splice): Document this fact. + + gpgscm: Drop 'len' argument from splice. + + commit 4d98a72b88cf167295e1ecd6125b9c7a11b6239f + * tests/gpgscm/ffi.c (do_splice): Drop 'len' argument, no-one uses it. + * tests/gpgscm/lib.scm (splice): Document foreign function. + + tests: Move environment creation and teardown into each test. + + commit a55393cb5f4b331cb3a715c7d9a8b91f7606f337 + * tests/gpgscm/tests.scm (log): New function. + * tests/openpgp/run-tests.scm (run-tests-parallel): Do not run the + startup and teardown scripts. + (run-tests-sequential): Likewise. + * tests/openpgp/setup.scm: Move all functions... + * tests/openpgp/defs.scm: ... here and make them less verbose. + (setup-environment): New function. + (setup-legacy-environment): Likewise. + (start-agent): Make less verbose, run 'stop-agent' at interpreter + exit. + (stop-agent): Make less verbose. + * tests/openpgp/finish.scm: Drop file. 
+ * tests/openpgp/Makefile.am (EXTRA_DIST): Drop removed file. + * tests/openpgp/4gb-packet.scm: Use 'setup-environment' or + 'setup-legacy-environment' as appropriate. + * tests/openpgp/armdetach.scm: Likewise. + * tests/openpgp/armdetachm.scm: Likewise. + * tests/openpgp/armencrypt.scm: Likewise. + * tests/openpgp/armencryptp.scm: Likewise. + * tests/openpgp/armor.scm: Likewise. + * tests/openpgp/armsignencrypt.scm: Likewise. + * tests/openpgp/armsigs.scm: Likewise. + * tests/openpgp/clearsig.scm: Likewise. + * tests/openpgp/conventional-mdc.scm: Likewise. + * tests/openpgp/conventional.scm: Likewise. + * tests/openpgp/decrypt-dsa.scm: Likewise. + * tests/openpgp/decrypt.scm: Likewise. + * tests/openpgp/default-key.scm: Likewise. + * tests/openpgp/detach.scm: Likewise. + * tests/openpgp/detachm.scm: Likewise. + * tests/openpgp/ecc.scm: Likewise. + * tests/openpgp/encrypt-dsa.scm: Likewise. + * tests/openpgp/encrypt.scm: Likewise. + * tests/openpgp/encryptp.scm: Likewise. + * tests/openpgp/export.scm: Likewise. + * tests/openpgp/finish.scm: Likewise. + * tests/openpgp/genkey1024.scm: Likewise. + * tests/openpgp/gpgtar.scm: Likewise. + * tests/openpgp/gpgv-forged-keyring.scm: Likewise. + * tests/openpgp/import.scm: Likewise. + * tests/openpgp/issue2015.scm: Likewise. + * tests/openpgp/issue2417.scm: Likewise. + * tests/openpgp/issue2419.scm: Likewise. + * tests/openpgp/key-selection.scm: Likewise. + * tests/openpgp/mds.scm: Likewise. + * tests/openpgp/multisig.scm: Likewise. + * tests/openpgp/quick-key-manipulation.scm: Likewise. + * tests/openpgp/seat.scm: Likewise. + * tests/openpgp/shell.scm: Likewise. + * tests/openpgp/signencrypt-dsa.scm: Likewise. + * tests/openpgp/signencrypt.scm: Likewise. + * tests/openpgp/sigs-dsa.scm: Likewise. + * tests/openpgp/sigs.scm: Likewise. + * tests/openpgp/ssh.scm: Likewise. + * tests/openpgp/tofu.scm: Likewise. + * tests/openpgp/use-exact-key.scm: Likewise. + * tests/openpgp/verify.scm: Likewise. 
+ * tests/openpgp/version.scm: Likewise. + * tests/openpgp/issue2346.scm: Likewise and simplify. + + tests: Do not allow tests to be run in a shared environment. + + commit ac078469cbafe85cf771fca84f376740850d10b0 + * tests/openpgp/README: Update. + * tests/openpgp/run-tests.scm (run-tests-parallel-shared): Drop + function. + (run-tests-parallel-isolated): Rename to 'run-tests-parallel'. + (run-tests-sequential-shared): Drop function. + (run-tests-sequential-isolated): Rename to 'run-tests-sequential'. + + tests: Fix build. + + commit 37751d2b194bc33539f5b9ea0e02e9f209d2bcf6 + * tests/openpgp/Makefile.am: Drop dependency on 'mk-tdata'. + + Fixes: 70215ff470c82d144e872057dfa5a478cc9195f2 + +2016-11-07 Werner Koch <wk@gnupg.org> + + wks: Encrypt all client mails also the target key, + + commit 56e1864aa337f36317534db521fd4434d70e0784 + * tools/gpg-wks-client.c (encrypt_response): Add arg FINGERPRINT. + (send_confirmation_response): Ditto. + (process_confirmation_request): Parse out fingerprint and pass + send_confirmation_response. + +2016-11-07 Justus Winter <justus@g10code.com> + + tests,tools: Reimplement 'mk-tdata' in Scheme. + + commit 70215ff470c82d144e872057dfa5a478cc9195f2 + * tests/openpgp/defs.scm (tools): Drop 'mk-tdata'. + * tests/openpgp/setup.scm (make-test-data): New function. + * tests/openpgp/verify.scm: Avoid 'mk-tdata'. + * tools/Makefile.am (noinst_PROGRAMS): Drop 'mk-tdata'. + * tools/mk-tdata.c: Drop file. + + gpgscm,w32: Provide schemish file handling for binary files. + + commit 413cc50345557e0a516f33b98e8aab19bbc8b4fe + * tests/gpgscm/lib.scm (call-with-binary-input-file): New function. + (call-with-binary-output-file): Likewise. + + gpgscm: Add support for pseudo-random numbers. + + commit 6e677f9b55fdb610e93134042ee41ee5c641cbdf + * tests/gpgscm/ffi.c (do_getpid): New function. + (do_srandom): Likewise. + (random_scaled): Likewise. + (do_random): Likewise. + (do_make_random_string): Likewise. + (ffi_init): Expose the new functions. 
+ * tests/gpgscm/lib.scm: Document the new functions. + + g10: Fix crash. + + commit 5840353d8bbcd9e75374f3bdb2547ffa7bbea897 + * g10/getkey.c (get_best_pubkey_byname): If 'get_pubkey_byname' does + not return a getkey context, then it can return at most one key, + therefore there is nothing to rank. Also, always initialize '*retctx' + to be on the safe side. + + Fixes: ab89164be02012f1bf159c971853b8610e966301 + +2016-11-04 Justus Winter <justus@g10code.com> + + gpgscm: Fix printing strings containing zero bytes. + + commit 1f45878a72f23d4bae08d73b614096b485f35274 + * tests/gpgscm/scheme.c (atom2str): Fix computing the length of Scheme + strings. Scheme strings can contain zero bytes. + + gpgscm: Implement 'atexit'. + + commit 43f8006f5c75e3d15fe200e2fa41587a73bfb07b + * tests/gpgscm/ffi.scm (throw): Run *run-atexit-handlers* when + terminating the interpreter. + (*atexit-handlers*): New variable. + (*run-atexit-handlers*): New function. + (atexit): Likewise. + * tests/gpgscm/main.c (main): Run *run-atexit-handlers* at normal + interpreter shutdown. + +2016-11-04 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix length error for READKEY. + + commit cd00b07ec26c3408e6aee66957b08c6fd319b700 + * scd/app-openpgp.c (do_readkey): Decrement the length. + + scd: Add --advanced option for READKEY. + + commit f9da935c3eb302e75a80def51128fb6f669661d7 + * scd/command.c (cmd_readkey) : Support ADVANCED arg. + * scd/app.c (app_readcert): Add ADVANCED arg. + * scd/app-openpgp.c (do_readkey): Implement ADVANCED arg. + * scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED. + +2016-11-03 Werner Koch <wk@gnupg.org> + + agent: Extend the PINENTRY_LAUNCHED inquiry and status. + + commit c1ea0b577a468030d2b006317ba27fc1746c4b14 + * agent/call-pinentry.c (start_pinentry): Get flavor and version and + pass it to agent_inq_pinentry_launched. + * agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA. + * g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic. 
+ +2016-11-03 Justus Winter <justus@g10code.com> + + g10: Improve and unify key selection for -r and --locate-keys. + + commit ab89164be02012f1bf159c971853b8610e966301 + * g10/getkey.c (struct pubkey_cmp_cookie): New type. + (key_is_ok, uid_is_ok, subkey_is_ok): New functions. + (pubkey_cmp): Likewise. + (get_best_pubkey_byname): Likewise. + * g10/keydb.h (get_best_pubkey_byname): New prototype. + * g10/keylist.c (locate_one): Use the new function. + * g10/pkclist.c (find_and_check_key): Likewise. + * tests/openpgp/Makefile.am (XTESTS): Add new test. + (TEST_FILES): Add new files. + * tests/openpgp/key-selection.scm: New file. + * tests/openpgp/key-selection/0.asc: Likewise. + * tests/openpgp/key-selection/1.asc: Likewise. + * tests/openpgp/key-selection/2.asc: Likewise. + * tests/openpgp/key-selection/3.asc: Likewise. + * tests/openpgp/key-selection/4.asc: Likewise. + + gpgscm,tests: Add new functions to the test environment. + + commit 1ec07cbc209f247fd85704f5701564e31aa56d0b + * tests/gpgscm/lib.scm (first, last, powerset): New functions. + * tests/gpgscm/tests.scm (interactive-shell): New function. + * tests/openpgp/Makefile.am (EXTRA_DIST): Add new file. + * tests/openpgp/README: Document 'interactive-shell'. + * tests/openpgp/shell.scm: New file. + +2016-11-03 Werner Koch <wk@gnupg.org> + + gpgconf: Add a new field to the --query-swdb output. + + commit d10b67b9bc32e8feff1be86e6646fc23e58fe45d + * tools/gpgconf.c (query_swdb): Insert new field with the installed + version. Check that the supplied version does not contain a colon. + +2016-11-02 Werner Koch <wk@gnupg.org> + + gpgconf: Add command --query-swdb. + + commit 0ed6a6df5aa421a9c5cdb1e63867f0deee79af9e + * tools/gpgconf.c (aQuerySWDB): New. + (opts): Add --query-swdb. + (valid_swdb_name_p): New. + (query_swdb): New. + (main): Implement command --query-swdb. + + common: Improve compare_string_versions. + + commit 488b183811fc25c1ae49b4730491accf1adf518e + * common/stringhelp.c: Include limits.h. 
+ (compare_version_strings): Change semantics to behave like strcmp. + Include the patch lebel in the comparison. Allow checking a single + version string. + * common/t-stringhelp.c (test_compare_version_strings): Adjust test + vectors and a few new vectors. + * g10/call-agent.c (warn_version_mismatch): Adjust to new sematics. + * g10/call-dirmngr.c (warn_version_mismatch): Ditto. + * sm/call-agent.c (warn_version_mismatch): Ditto. + * sm/call-dirmngr.c (warn_version_mismatch): Ditto. + +2016-11-02 Justus Winter <justus@g10code.com> + + gpgscm: Fix inclusion of readline header. + + commit 60ad1a7f37ffc10e601e69a3e2d2bb14af510257 + * tests/gpgscm/ffi.c: Define magic macro to prevent the completion + function from redefined. + +2016-11-02 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + build: Fix misspelled dirmngr. + + commit 5e693ddfbe44d149ce0d9393d699c613ad5ea706 + + + Spelling: correct spelling of "passphrase". + + commit 68b59bbc42ba9ec69496758743924d54a95742f0 + There were several different variant spellings of "passphrase". This + should fix them all for all English text. + + I did notice that po/it.po contains multiple instances of + "passhprase", which also looks suspect to me, but i do not know + Italian, so i did not try to correct it. + +2016-11-02 Justus Winter <justus@g10code.com> + + g10,w32: Fix build on Windows. + + commit 5d4f1408d0dd055d412ae44bb4a0f28f74617f05 + * g10/tofu.c (begin_transaction): Use the new 'gnupg_usleep'. + +2016-10-31 Werner Koch <wk@gnupg.org> + + common: New function gnupg_usleep. + + commit ad491ceec6145b3781a05dc7b4a36052abeeb4b4 + * configure.ac (HAVE_NANOSLEEP): Test for nanosleep. + * common/sysutils.c: Always include time.h. + (gnupg_usleep): New. + +2016-10-31 Andre Heinecke <aheinecke@intevation.de> + + w32: Fix PKG_CONFIG_LIBDIR in --build-w32. + + commit 3b6b8fe32af7568ff51066d4c2e3679df6dea86f + * autogen.sh: Point pkg-config to the right location. + +2016-10-31 Neal H. 
Walfield <neal@g10code.com> + + g10: Avoid gratuitious SQLite aborts and starving writers. + + commit 7a634e48b13c5d5d295b8fed9b429e1b2109a333 + * g10/tofu.c: Include <time.h>, <utime.h>, <fcntl.h> and <unistd.h>. + (tofu_dbs_s): Add fields want_lock_file and want_lock_file_ctime. + (begin_transaction): Only yield if DBS->WANT_LOCK_FILE_CTIME has + changed since we took the lock. Don't use gpgrt_yield to yield, but + sleep for 100ms. After taking the batch lock, update + DBS->WANT_LOCK_FILE_CTIME. Also take the batch lock the first time we + take the real lock. When taking the real lock, use immediate not + deferred mode to avoid gratuitious aborts. + (end_transaction): When dropping the outermost real lock, drop the + batch lock. + (busy_handler): New function. + (opendbs): Set the busy handler to it when opening the DB. Initialize + CTRL->TOFU.DBS->WANT_LOCK_FILE. + (tofu_closedbs): Free DBS->WANT_LOCK_FILE. + +2016-10-30 Neal H. Walfield <neal@g10code.com> + + g10: Avoid reading in keys when possible. + + commit eec365a02bd35d2d5c9e4d2c8d18bcd9180cf859 + * g10/tofu.c (build_conflict_set): If CONFLICT_SET contains a single + element, don't bother to check for cross sigs. Add parameter PK. + Update callers. + + g10: Fix bit setting. + + commit 614ca00676bb8ca12b5107fec0e4ef8818445254 + * g10/tofu.c (build_conflict_set): Fix bit setting. + +2016-10-28 Werner Koch <wk@gnupg.org> + + gpg: Enable the Issuer Fingerprint from rfc4880bis. + + commit b6f08dbb0b45059cdbbb5d9be9725e437f42a8cc + * g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new + Issuer Fingerprint sub-packet. + * g10/mainproc.c (check_sig_and_print): Always consider that + sub-packet. + +2016-10-27 Werner Koch <wk@gnupg.org> + + dirmngr: Fix signature checking. + + commit 5a1f6a0062488aaf345b1c73ba98a540e673d619 + * dirmngr/server.c: Include cpparray.h. + (verify_swdb_parm_s): New. + (verify_swdb_status_cb): New. + (cmd_versioncheck): Use gpgv to correclty verify the signature. 
+ Rename some variable to comply with GNU standards. + + gpg: Verify multiple detached signatures with different hash algos. + + commit 8fced66be35db5ac2a6bfdb9bccb2c0e582d8256 + * g10/mainproc.c (proc_tree): Loose check. Enable all algos. + + common: Add GNUPG_MODULE_NAME_GPGV. + + commit ece9ade4b44fb3d5d120cfd32b23632e5efd2134 + * common/util.h (GNUPG_MODULE_NAME_GPGV): New. + * common/homedir.c (gnupg_module_name): Implement. + +2016-10-27 Justus Winter <justus@g10code.com> + + g10: Fix iteration over getkey results. + + commit 8ea72a776a88f3c851e812d258355be80caa1bc1 + * g10/getkey.c (getkey_next): Return the public key in PK even if + RET_KEYBLOCK is NULL. + + g10: Assert preconditions. + + commit 66a0091d74768ab3a4a5342d3645e1834c59045a + * g10/getkey.c (get_pubkey_byname): Assert preconditions. + +2016-10-27 Werner Koch <wk@gnupg.org> + + dirmngr: Do not implement --supervised in Windows. + + commit cf20b23c146c9e499263654644035796475de097 + * dirmngr/dirmngr.c (opts) [W32]: Remove --supervised. + (main) [W32]: Ditto. + + common: Remove debug output from gnupg_get_socket_name. + + commit a9c8b5fbe7ae241bf45bdee15884abc7891aedf9 + * common/sysutils.c (gnupg_get_socket_name): Remove debug message and + use my_error_from_syserror. + +2016-10-27 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: ADNS error handling fix. + + commit 45dfc02b47f798f5a3b9973ca6a9f5a907d7e665 + * dirmngr/dns-stuff.c (resolve_name_adns, get_dns_cert, get_dns_cname): + Use gpg_error and gpg_err_code_from_errno to compose the error value. + +2016-10-27 Werner Koch <wk@gnupg.org> + + gpg: Convey --quick option to dirmngr for --auto-key-retrieve. + + commit a15ed5a1fd5307b3ec1822daf3b138b187db0b5e + * g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'. + (gpg_dirmngr_wkd_get): Ditto. + * g10/keyserver.c (keyserver_get): Add arg 'quick'. + (keyserver_get_chunk): Add arg 'quick'. + (keyserver_import_fprint): Ditto. Change callers to pass 0 for it. + (keyserver_import_keyid): Ditto. 
+ (keyserver_import_wkd): Ditto. + * g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with + QUICK set. + +2016-10-27 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix gnupg_inotify_has_name, differently. + + commit 8b3d0d1a36cab83dafb98ccb7895144edb95e298 + * common/sysutils.c (gnupg_inotify_has_name): Use void * to stop the + warning. + + dirmngr: More ADNS error fix. + + commit 6f1d8123d61b3efac94b4c61ee75bd947790ba42 + * dirmngr/dns-stuff.c (get_dns_cert, getsrv, get_dns_cname): Fix return + value. + + dirmngr: Fix error return for ADNS. + + commit 8a9341b42cd1891090d45cc068bff84b2b3edb50 + * dirmngr/dns-stuff.c (resolve_name_adns): Use RET for return value. + + g10: Fix ECDH, clarifying the format. + + commit ca0ee4e381d0b6a57e4ddc8f4bb2390eb97a2540 + * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when + it's short. Clarify the format. Handle other prefixes correctly. + + scd: Add 0x41 prefix for x-coordinate only result. + + commit 6bbd97d6c771b2e2c7cfcff6d5a823f0fb44d443 + * scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the + prefix 0x41. + +2016-10-27 Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr> + + g10: ECDH shared point format. + + commit b648f28f9f8b889f1217a649ded1d45f261bb2bf + * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of + ECDH shared point format. + +2016-10-27 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + dirmngr: Implement --supervised command (for systemd, etc). + + commit 75f8aaf5bc2dc7fcffe2987a572d489155c91eb9 + * dirmngr/dirmngr.c (main): Add new --supervised command, which is a + mode designed for running under a process supervision system like + systemd or runit. + * doc/dirmngr.texi: document --supervised option. + + agent,common: move get_socket_name() into common. + + commit 6316b28e896957adb76a61a41d2e1c2a08d9f716 + * agent/gpg-agent.c (get_socket_name): move to ... + * common/sysutils.c (gnupg_get_socket_name): ... here. + + dirmngr: report actual socket name. 
+ + commit 6bb6ac56cca8135666387a0b9d88dd6b50311418 + * dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function + to report known socket name. + * dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name + to report correct socket name. + +2016-10-27 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix gnupg_inotify_has_name. + + commit bc28f320fa6f5b9fcdb73dba5e6c582daf7992c5 + * common/sysutils.c (gnupg_inotify_has_name): Take care of the + alignment. + + dirmngr: Fix help string and argument. + + commit 96414baf36b8e6385b71847c789d489ebe176a93 + * dirmngr/server.c (hlp_versioncheck): Add a newline. + (cmd_versioncheck): Fix argument. + +2016-10-26 Werner Koch <wk@gnupg.org> + + dirmngr: Fix hang due to deferred thread initialization. + + commit d1ccab5176d7719328b287544b54b85e0277b146 + * dirmngr/dirmngr.c (main): Call ldap_wrapper_launch_thread after + thread_init. + + agent: Avoid double error message. + + commit b77f95a4a675fd20f6eeb611f4e7b519eceb4ad3 + * agent/gpg-agent.c (map_supervised_sockets): Shorten error message. + Remove unneeded diagnostic. + + common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL. + + commit ece13f177d948013b6f3df926406c0cd947abc25 + * common/sysutils.c (gnupg_inotify_watch_socket): Return + GPG_ERR_INV_VALUE for a missing socket name and set proper error + source. + + tests: Improve portability of fake-pinentry. + + commit 21b318452abbfe21c45c2a67dae0e3a81cff1090 + * tests/openpgp/fake-pinentry.c: Make all functions static. + (get_passphrase): s/unlink/remove/ because that is standard C. + (spacep): Rename to whitespace and change all callers. + (main): Move macro out of if-then chain. + +2016-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + agent: --supervised mode improvements. 
+ + commit 27f6d5b9f4b6057ddeb9ace87a1e7e61ebac63e6 + * agent/gpg-agent.c (map_supervised_socket): if the agent is running + in --supervised mode and is not actually given LISTEN_FDNAMES + directives, require at least fd 3 to be open for listening. + + common: avoid segfault. + + commit 3b5f5e0eb02ecbdcf59722755f22a9d2f88de6e6 + * common/sysutils.c (gnupg_inotify_watch_socket): return EINVAL if + socket_name is NULL, rather than segfaulting + +2016-10-25 Justus Winter <justus@g10code.com> + + agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry. + + commit 852b8f0b89d447536dfdf6cd4ea91615c75491ce + * agent/call-pinentry.c (start_pinentry): Also send the user data + using an Assuan 'OPTION' command. + * tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating + passphrase file. + (spacep): Include newline characters. + (rstrip): New function. + (main): Handle Windows line endings. Handle the userdata option, and + restart with the new options. + + tests: Do not autostart gpg-agents on teardown. + + commit f88f11a25665dca7490a09088aa24edf396e4c40 + * tests/openpgp/defs.c (stop-agent): Use '--no-autostart' when calling + gpg-connect-agent. + +2016-10-25 Werner Koch <wk@gnupg.org> + + dirmngr: Allow command VERSIONCHECK to handle 3 part version numbers. + + commit b120f358c25cc846ca9d841d47e71ca1a7fe02e4 + * dirmngr/server.c (parse_version_string): Add arg MICRO and set it. + (cmp_version): Extend to handle the MICRO part. + (confucius_mktmpdir): Rename to my_mktmpdir. + (my_mktmpdir): xstrconcat does not fail; use strconcat. + (fetch_into_tmpdir): Improve error checking. + + common: Use strconcat in gnupg_setenv. + + commit 7983f8758703071710c11bf2a255efcd71836b65 + * common/sysutils.c (gnupg_setenv): Replace malloc+stpcpy by + strconcat. Indent cpp conditionals. + (gnupg_unsetenv): Indent cpp conditionals. + +2016-10-24 Werner Koch <wk@gnupg.org> + + gpg: Replace two sprintf calls. 
+ + commit 9d6146d6f9870fbfcec15cdc4becaf094d5a90e0 + * g10/keygen.c (print_status_key_created): Use snprintf for now. + (ask_expire_interval): Replace xmalloc and sprintf by xasprintf. + + agent: Minor cleanup for recent change in findkey.c. + + commit 8c40b3b98d3ddeda79fde981e6539c5b3b09d9a2 + * agent/findkey.c (agent_write_private_key): Avoid label name error. + + agent: Slightly change structure of cmd_readkey. + + commit fdb653a33ea1a24d1159880624dbbcc0867865b5 + * agent/command.c (cmd_readkey): Avoid a leave label in the middle of + the code. Remove the special return. + +2016-10-24 Kai Michaelis <kai@gnupg.org> + + dirmngr: Fix segfault in VERSIONCHECK. + + commit 5e7dfd979d2d91800d90c3ce9a66755df3217682 + * dirmngr/server.c (cmd_versioncheck): The VERSIONCHECK command crashes + when called without program version. + +2016-10-24 NIIBE Yutaka <gniibe@fsij.org> + + scd: Use canonical curve name of libgcrypt. + + commit b1828c17fc475def1ee9e06f083f513f568c241b + * scd/app-openpgp.c (send_key_attr): Use curve instead of OID. + (ecdh_params): New. + (ecc_read_pubkey): Use ecdh_params. Use curve name. + (ecc_writekey): Likewise. + (ecc_curve): Rename from ecc_oid. + (parse_algorithm_attribute): Use ecc_curve. + * g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to + intern the curve name string. + * g10/card-util.c (card_status): Conver curve name to alias for print. + + common: Fix openpgp_is_curve_supported. + + commit 945e7ab0ddedf5f58afd97d81e101939de5b5d89 + * common/openpgp-oid.c (openpgp_is_curve_supported): Support both of + canonical name of the curve and alias. + + g10: Fix card keygen for decryption. + + commit acef0951646b47c87ccc1c616f0105a068e7ed86 + * g10/keygen.c (do_generate_keypair): Fix arguments. + +2016-10-22 NIIBE Yutaka <gniibe@fsij.org> + + g10: More card key generation change. + + commit 987bbb2276aeb6bee2793e8406e223717b605009 + * g10/keygen.c (gen_card_key): Add back ALGO as the second argument. 
+ Don't get ALGO by KEY-ATTR by this function. It's caller to provide + ALGO. Don't do that by both of caller and callee. + (generate_keypair): Only put paramerters needed. Use parameters + for ALGO to call gen_card_key. + (generate_card_subkeypair): Get ALGO and call gen_card_key with it. + +2016-10-21 Andre Heinecke <aheinecke@intevation.de> + + g10: Write first keybox record in binary mode. + + commit f7e50634be71ce3028726f23edf14454109a04a8 + * g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode. + +2016-10-21 NIIBE Yutaka <gniibe@fsij.org> + + g10,scd: Fix ECC keygen. + + commit d2653b1a6db90aed073194a51fd61023d69773ec + * g10/keygen.c (generate_keypair): For card key generation, fill + parameters by KEY-ATTR. + + * scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last, + after its reference by OIDBUF is finished. + (ecc_writekey): Likewise. + + scd: Fix segfault changing key attr. + + commit 693e657ff04756737dce025203c0deba480ea8de + * asc/app-openpgp.c (change_keyattr_from_string): Release after + allocated. + +2016-10-21 NIIBE Yutaka <gniibe@fsij.org> + Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr> + + g10: Don't ask keysize for for non-RSA card. + + commit dafce6f698bec6e9d4c0125b90754d0687294e86 + * g10/card-util.c (card_status): Bug fix for keyno. + (ask_card_rsa_keysize, do_change_rsa_keysize): Rename. + (generate_card_keys): Only ask keysize when RSA. + (card_generate_subkey): Likewise. + + g10: Support ECC for gen_card_key. + + commit 161cb22f13bcd8cbdb08558d9926b2168a8297ac + * g10/keygen.c (gen_card_key): Remove the first argument of ALGO. + (do_generate_keypair, generate_card_subkeypair): Follow the change. + +2016-10-21 NIIBE Yutaka <gniibe@fsij.org> + + Fix use cases of snprintf. 
+ + commit 6e85ac77af594035137950d801d8a1bacce548a3 + * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, + build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, + dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, + g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, + sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. + + agent: Fix saving with FORCE=1. + + commit 1ffd475f99eaff4e40950eda88702f8db9288eb5 + * agent/findkey.c (agent_write_private_key): Recover from an error of + GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+". + +2016-10-20 Justus Winter <justus@g10code.com> + + tests: Simplify test. + + commit 71158d8d5f823888abc8588caa6497860ce59c06 + * tests/openpgp/quick-key-manipulation.scm: Avoid creating a temporary + home directory, just make the uids unique. + + tests: Flush stdout in the fake pinentry. + + commit ca9597f080f70a8435daaeb5449bef0462a1402a + * tests/openpgp/fake-pinentry.c (reply): Flush stdout. + + common,w32: Fix setting environment variables on Windows. + + commit 8c7c4faf3de28ca70a60e6b15f51c1b206e0ddd9 + * common/sysutils.c (gnupg_setenv): Also update the environment block + maintained by the C runtime. + (gnupg_unsetenv): Likewise. + * tests/gpgscm/ffi.c (do_setenv): Fix error handling. + + tests,w32: Cope with Windows line endings. + + commit bf37916a23bd0929fc4a5f28c9a41f43c5a473f6 + * tests/openpgp/issue2015.scm: Rstrip line before comparison. + + tests: Create and remove socket directories. + + commit 2d794779e0fd9d9a1efc98e7bd77a296a25f4293 + * tests/openpgp/defs.scm (start-agent): Move function here and create + the socket directory prior to starting the agent. + (stop-agent): Move function here and remove the socket directory. + * tests/openpgp/finish.scm: Adapt. + * tests/openpgp/setup.scm: Likewise. + +2016-10-20 NIIBE Yutaka <gniibe@fsij.org> + + agent, g10: Fix keygen. 
+ + commit 9a34e2142b426b98c73fd888102ea1596bbce62a + * agent/command.c (cmd_readkey): Get length after card_readkey. + * g10/keygen.c (gen_card_key): Fix off-by-one error. + + scd: GENKEY updates the public key in APP. + + commit b680f79cc112c4831293e259d7db2921bcd783a4 + * scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New. + (read_public_key): New. + (get_public_key, do_genkey): Use read_public_key. + + g10: smartcard keygen change. + + commit 980c037bedb968ddf155dd334c0a70b918a17759 + * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. + (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. + (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out + argument. + (agent_readkey): Use READKEY --card instead of SCD READKEY. + * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent + to retrieve public key information from card and let the agent make + a file for private key with shadow info. + + agent: Add --card option for READKEY. + + commit 82cbab906a3e72a98fdc16096f2f0451465969a2 + * agent/findkey.c (agent_write_shadow_key): New. + * agent/command-ssh.c (card_key_available): Use agent_write_shadow_key. + * agent/learncard.c (agent_handle_learn): Likewise. + * agent/command.c (cmd_readkey): Add --card option. + +2016-10-19 Kai Michaelis <kai@gnupg.org> + + dirmngr: improve VERSIONCHECK. + + commit 72a99f582dad4cb4c3b05b97c7ebb8d537f10b79 + Replace strtok_r() and code formatting. Use code from libgpg-error for + version comparison. + +2016-10-18 Justus Winter <justus@g10code.com> + + common: Fix copying data to estreams. + + commit 8dce5ee55a0268d196023224dcf3020306922490 + * common/exectool.c (copy_buffer_do_copy): Correctly account for + partially written data in the event of errors. + + common,w32: Communicate with child in non-blocking mode. + + commit 05a1e412332dd980353a4e3e59bc75ba40bae7fc + * common/exechelp-w32.c (gnupg_spawn_process): Open streams in + non-blocking mode if requested. 
+ + common,w32: Extend gnupg_create_inbound_pipe et al. + + commit f2d39a6d051413289c717b9cd2dc387a270b8e7c + * common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and + create a stream if reqested. + (gnupg_create_inbound_pipe): Use the extended function to open the + stream if requested. + (gnupg_create_outbound_pipe): Likewise. + (gnupg_create_pipe): Update call site. + + common,w32: Make use of default_errsource in exechelp. + + commit 727ca74bb942464217e678012cccbfc347ae08a5 + * common/exechelp-posix.c (my_error_from_syserror, my_error): New. + Use them instead of gpg_error and gpg_error_from_syserror. + +2016-10-18 NIIBE Yutaka <gniibe@fsij.org> + Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr> + + scd: Support ECC key generation. + + commit 34439da2d62b964a914ace66bae7e38f619582a4 + * scd/app-openpgp.c (get_public_key): Fix a message. + (change_keyattr_from_string, ecc_writekey): Call mpi_release sooner. + (do_genkey): Add ECC support. + +2016-10-18 NIIBE Yutaka <gniibe@fsij.org> + + scd: minor cleanup to merge other works. + + commit f1845f25dbea79c191427710fa56ed01e63a045b + * scd/iso7816.c (do_generate_keypair): Use const char * for DATA. + (iso7816_generate_keypair, iso7816_read_public_key): Likewise. + * scd/app-openpgp.c (get_public_key): Follow the change. + (do_genkey): Ditto. Use ERR instead of RC. Use u32 for CREATED_AT. + +2016-10-17 Justus Winter <justus@g10code.com> + + gpgscm: Initialize nesting stack. + + commit c2e713d9e25ef8b61e8eeb3c01ee1e31cb70b794 + * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize nesting + stack. + +2016-10-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + doc: Document how to manually shut down gpg-agent. + + commit 869c06efa791bbc8330becdb3f13f7cf9506257e + * doc/gpg-agent.texi: document "gpgconf --kill gpg-agent" for manual + agent termination. + + This was requested in a side-comment in https://bugs.debian.org/840669 + + doc: Point gpg-agent(1) at the right gpg manpage in SEE ALSO. 
+ + commit c53ce53ab1fa6a328c368f2a15e3ccd803f03ee2 + * doc/gpg-agent.texi (SEE ALSO): refer to @gpgname, instead of + hard-coding "gpg2". + +2016-10-17 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix keytocard for ECC. + + commit 25428be52168fa9c581b7f11c95a5c63b25343b7 + * scd/app-openpgp.c (build_ecc_privkey_template): Size can be greater + than 128 when it comes with public key for curve of larger field. + + gpgconf: Fix for --homedir. + + commit 70a8584ec4389209762eb65bb77f20f7881577be + * tools/gpgconf-comp.c (gpg_agent_runtime_change, + scdaemon_runtime_change, dirmngr_runtime_change): Provide the homedir + arguments by --homedir when it's not default. + +2016-10-16 Werner Koch <wk@gnupg.org> + + agent: Use straightforward names for the default socket names. + + commit 0b0f9a3788cb5d3c26cec16cd24acc973069d280 + * configure.ac (GPG_AGENT_SOCK_NAME): Change name to *.extra. + (GPG_AGENT_EXTRA_SOCK_NAME): Change name to *browser. + +2016-10-15 Werner Koch <wk@gnupg.org> + + agent: Move inotify code to common and improve it. + + commit 2f7d4c38c9e7bcc14e6e0bf219d688c40a4afecb + * common/sysutils.c: Include sys/inotify.h. + (my_error_from_syserror, my_error): New. + (gnupg_inotify_watch_socket): New. + (gnupg_inotify_has_name): New. + * agent/gpg-agent.c: Do not include sys/inotify.h. + (my_inotify_is_name): Remove. + (handle_connections): Remove HAVE_INOTIFY_INIT protected code and use + the new functions. + +2016-10-14 Kai Michaelis <kai@gnupg.org> + + dirmngr: use gnupg_mkdtemp instead of mkstemp. + + commit c318561ef4c97f0c2767aef377531d58174060a1 + MinGW on debian does not support mkstemp. + + dirmngr: add VERSIONCHECK command. + + commit f99c5fa1c970dc1122ac62371eb8d758f380ed57 + Given an application name and version VERSIONCHECK fetches the software + version list from version.gnupg.org, verifies the signature and returns + whenever the given version is older (UPDATE), current (CURRENT) or newer + (ROLLBACK). + +2016-10-13 Neal H. 
Walfield <neal@g10code.com> + + tests: Use shorter filenames. + + commit 0c56ad5a8d89d69a9ed00571720b3b105f955214 + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: Rename from this... + * tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg: .. to this. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: Rename from this... + * tests/openpgp/tofu/cross-sigs/EC38277E-1.txt: .. to this. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: Rename from this... + * tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg: .. to this. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: Rename from this... + * tests/openpgp/tofu/cross-sigs/EC38277E-2.txt: .. to this. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: Rename from this... + * tests/openpgp/tofu/cross-sigs/EC38277E-3.txt: .. to this. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: Rename from + this... + * tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg: .. to this. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: Rename from this... + * tests/openpgp/tofu/cross-sigs/871C2247-1.gpg: .. to this. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: Rename from this... + * tests/openpgp/tofu/cross-sigs/871C2247-1.txt: .. to this. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: Rename from this... + * tests/openpgp/tofu/cross-sigs/871C2247-2.gpg: .. to this. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: Rename from this... + * tests/openpgp/tofu/cross-sigs/871C2247-2.txt: .. to this. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: Rename from this... + * tests/openpgp/tofu/cross-sigs/871C2247-3.gpg: .. to this. 
+ * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: Rename from this... + * tests/openpgp/tofu/cross-sigs/871C2247-3.txt: .. to this. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: Rename from this... + * tests/openpgp/tofu/cross-sigs/871C2247-4.gpg: .. to this. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: Rename from + this... + * tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg: .. to this. + * tests/openpgp/Makefile.am (TEST_FILES): Update accordingly. + + g10: Be more careful when checking if a binding is signed by a UTK. + + commit 95d0f3e5eebd85dcf226dca14891a1215bfe93ae + * g10/tofu.c (signed_by_utk): When checking if a key is signed by an + ultimately trusted key, only consider the signatures on the specified + user id. + * tests/openpgp/tofu.scm: Add test for the above. + + tests: Add test data to TEST_FILES. + + commit d2d936fbe86d61b89cead95df633b2b575690e05 + * tests/openpgp/Makefile.am (TEST_FILES): Add new test data. + + g10: Be more careful when checking cross signatures. + + commit 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c + * g10/tofu.c (cross_sigs): When checking cross signatures, only + consider the signatures on the specified user id. + * tests/openpgp/tofu.scm: Add test for the above. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: + New file. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file. + * tests/openpgp/tofu/cross-sigs/ + 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file. 
+ * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file. + * tests/openpgp/tofu/cross-sigs/ + DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file. + * tests/openpgp/tofu/cross-sigs/README: New file. + + g10: Still check if the key is an UTK or cross signed in batch mode. + + commit e09166c77273f459c8f87cab9224f85808af2cba + * g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't + bail immediately. Instead, check if the key in question is an + ultimately trusted key or cross signed. + + g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL + + commit 5bf92e51dfdfb4f4746ecd817d8d2240ed27ea74 + * g10/tofu.c (get_policy): If an sqlite operation fails, map the error + code to GPG_ERR_GENERAL. + (ask_about_binding): Likewise. + (build_conflict_set): Likewise. + (get_trust): Likewise. + (show_statistics): Likewise. + (tofu_register_signature): Likewise. + (tofu_register_encryption): Likewise. + + tests: Remove support for deprecated functionality. + + commit 2282c3b761413dfa894300e70084bbd58908c0b1 + * tests/openpgp/tofu.scm: Don't remove tofu.d. It's deprecated. + +2016-10-12 Neal H. Walfield <neal@g10code.com> + + g10: When changing a TOFU binding's policy, update the conflict info. + + commit 3ad17e72fa81d18c95732ddcd4def244f52bb5b1 + * g10/tofu.c (record_binding): Take an additional argument, CONFLICT. 
+ Set the binding's conflict accordingly. Update callers. + + g10: Make a singular string singular. + + commit ca84f65c7cf2c6a08a01018519965a82e6c52cac + * g10/tofu.c (ask_about_binding): Make the singular string singular. + + g10: Correctly determine whether a binding has a conflict. + + commit 6fdf37f0831949cb279de6dc6b247ab2ed53fe5a + * g10/tofu.c (build_conflict_set): A binding has a conflict is + conflict is *not* NULL, not if it is NULL. + + g10: Fix a column's type in TOFU DB. + + commit 78eda335fd1c29038b74b9cc912b6a4515fccd9f + * g10/tofu.c (initdb): Change policy from a boolean to an integer. + +2016-10-07 Justus Winter <justus@g10code.com> + + tests: Rework test environment setup. + + commit cbbf0a7a8da1757fea29cff0daaa42a6bbb95b26 + * tests/openpgp/setup.scm: Import one keyring at a time. This works + around a yet to be investigated hang on Windows. It is also much + prettier. + + tests: Improve handling of Windows newlines. + + commit 1f76f8d8bc65fad98927c977baf4d5e36dafe52b + * tests/gpgscm/lib.scm (string-split-newlines): New function. + * tests/openpgp/default-key.scm: Use new function. + * tests/openpgp/defs.scm: Likewise. + * tests/openpgp/export.scm: Likewise. + * tests/openpgp/import.scm: Likewise. + + gpgscm: Improve test of low-level functions. + + commit 11eac7eb2fa3392a9aa052f8f5bb9875129ab84b + * tests/gpgscm/t-child.c: Print large amounts of data. + * tests/gpgscm/t-child.scm: Test that this works. + + gpgscm: Improve path handling. + + commit dff266059813d22d1e2ba7e77279999cd41ceb75 + * tests/gpgscm/ffi.c (ffi_init): New Scheme variable '*win32*'. + * tests/gpgscm/tests.scm (canonical-path): Correctly handle paths with + drive letter on Windows. Use 'path-join'. + (path-expand): Use 'path-join'. + + tools: Fix error handling. + + commit 5afbfdfd59540cb882d891ff1f4afa73fe48f99a + * tools/gpgtar-create.c (gpgtar_create): Do not crash if opening the + tarball failed. 
+ +2016-10-07 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix get_socket_name. + + commit fb3b3e1e7a4219f61a834fd07809898918611c2f + * agent/gpg-agent.c (get_socket_name): Fix the size of copying. + +2016-10-07 Werner Koch <wk@gnupg.org> + + gpg: Put extra parens around bit tests. + + commit 5d43d28aa3c44c3a27fde823f467b0c4be1a58c2 + * g10/options.h (DBG_MPI): New. + * g10/gpg.c (set_debug): Use macro or extra parens for binary operator. + * g10/parse-packet.c (set_packet_list_mode): Use dbg macro. + +2016-10-07 NIIBE Yutaka <gniibe@fsij.org> + + agent, dirmngr, scd: Fix init_common_subsystems. + + commit fc0b392e766af8127094e8b529d25abb84ad1d65 + * common/init.c (_init_common_subsystems): Don't call + gpgrt_set_syscall_clamp in this function. + * agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call + gpgrt_set_syscall_clamp after npth_init. + +2016-10-06 Justus Winter <justus@g10code.com> + + common: Avoid pointer arithmetic on string literals. + + commit 4aadc751f201f8f97c9c1f454e3a29803cce3edb + * common/gettime.c (rfctimestamp): Use indexing instead. + * common/signal.c (got_fatal_signal): Likewise. + + g10: Fix singular term. + + commit b0d2526bc4e5c663eeffe04500420c70cee98712 + * g10/tofu.c (ask_about_binding): Fix singular message. + + g10: Use appropriate variant of 'abs'. + + commit 73000d1ce0317210f5a9e5262404cc90258041ff + * g10/tofu.c (ask_about_binding): Use 'labs' instead of 'abs'. + + sm: Remove statement without effect. + + commit 2d446759bd43ae38fbce9a18c955285ca535bc08 + * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Remove statement without + effect. + + g10: Fix testing for debug flag. + + commit 6b626824c8e30b41c47724b5ccbf761937499512 + * g10/parse-packet.c (set_packet_list_mode): Fix testing for debug + flag. + + tools: Improve error handling. + + commit 32f81f56a8be6d13dea0a64d24f52343c7e72c84 + * tools/gpg-wks-server.c (copy_key_as_binary): Initialize 'argv'. + + gpgscm: Update callsite of 'gnupg_spawn_process'. 
+ + commit 07cfb3b27a77491eae818d57f6eb660e75fa013f + * tests/gpgscm/ffi.c (do_spawn_process): Adapt to the changes to + 'gnupg_spawn_process'. + +2016-10-05 Werner Koch <wk@gnupg.org> + + wks: Send key encrypted as required by draft -02. + + commit 8ce800d21919eaaba7ed4f04f712292be310fd66 + * tools/gpg-wks-client.c (get_key): Encrypt. + (encrypt_response): Take care of --fake-submission-addr. + + wks: Add option --fake-submission-addr to gpg-wks-client. + + commit e514a5b725f0c997cef4362808b2778a3faa9cf8 + * tools/gpg-wks-client.c (oFakeSubmissionAddr): New. + (opts): Add option --fake-submission-addr. + (fake_submission_addr): New variable. + (parse_arguments): Set it. + (command_send): Use --fake-submission-addr. + + agent: Another minor fix to map_supervised_sockets. + + commit 1cedc32c95c2e3c3ab98af23ddc2845d51e596c1 + * agent/gpg-agent.c (map_supervised_sockets): Remove debug message. + Provide correct fd in the second error case. + + agent: Fix npth + supervised mode problem. + + commit f57dc2b1e6f28d164f882373535dbcb0d632ca17 + * agent/gpg-agent.c (main): Initialize modules in supervised mode. + +2016-10-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + agent: Fix error handling in map_supervised_sockets. + + commit a2127c71dbf87c1710b43d91a733dd4c9b2953bc + * agent/gpg-agent.c (map_supervised_sockets): the file descriptor to + close on error is fd, not i. + +2016-10-04 Werner Koch <wk@gnupg.org> + + agent: Streamline the supervised mode code. + + commit 1a9c8d78ece2f31fdb1a8e2be049aa71053061fa + * agent/gpg-agent.c (get_socket_path): Rename to ... + (get_socket_name): this. This is to comply with the GNU coding guide. + Use xtrymalloc instead of malloc. Do not build for W32. + (map_supervised_sockets): Use strtokenize and set the the socket names + here. + (main): Adjust for above change. Do not close the socket. + + agent: Adjust cleanup for supervised mode. Fix for W32. 
+ + commit afcfae7959f39e7d85309b9496e1f1cf9acd5cc2 + * agent/gpg-agent.c (opts) [W32]: Remove option --supervised. + (is_supervised): Move from main() to global. + (inhibit_socket_removal): New. + (cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL. + (check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of + seting the socket names to empty. + + agent: Adjust supervised mode for the new default socket names. + + commit dc059af1ff007842e2633e686c87d05daf1d45e3 + * agent/gpg-agent.c (main): In supervised mode do not provide default + socket names. Unset DISPLAY and INSIDE_EMACS. Use log_error and + agent_exit. + +2016-10-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + agent: Implement --supervised command (for systemd, etc). + + commit 9f92b62a51d2d60f038fdbe01602865c5933fa95 + * agent/gpg-agent.c (get_socket_path): New function for POSIX systems + to return the path for a provided unix-domain socket. + (map_supervised_sockets): New function to inspect $LISTEN_FDS and + $LISTEN_FDNAMES and map them to the specific functionality offered by + the agent. + (main): Add --supervised command. When used, listen on already-open + file descriptors instead of opening our own. + * doc/gpg-agent.texi: Document --supervised option. + +2016-10-04 Justus Winter <justus@g10code.com> + + build,w32: Unconditionally build tests. + + commit 4a232d23a8f51bebf9ee382e480248b4bde30f28 + * configure.ac (run_tests, RUN_TESTS, RUN_GPG_TESTS): Remove + variables. They are misleadingly named, as they inhibit building the + tests. There is no reason not to build the tests even when + cross-compiling, as they are only run if one does 'make check'. + * Makefile: Adapt accordingly. + * tests/Makefile.am: Adapt accordingly. Avoid building 'asschk' on + Windows as it uses non-portable functions. + + tests,w32: Do not expose 'glob' to gpgscm. + + commit 41b510f9c510f8fd1b59eb0c5dd2e2b2deaf0a1b + * tests/gpgscm/ffi.c (do_glob): Remove function. + (ffi_init): Likewise. 
+ + tests,w32: Avoid using 'glob'. + + commit 949e70115eb2c04bd09da6477f6c433e6fd9a366 + * tests/openpgp/setup.scm: Avoid 'glob' which is not available on + mingw. + + tools: Ignore existing directories in gpgtar. + + commit fbc83c0cdd390473c044953fb774571ffc636c6d + * tools/gpgtar-extract.c (extract_directory): Ignore existing + directories now that we have '--directory'. + +2016-10-04 NIIBE Yutaka <gniibe@fsij.org> + + agent, dirmngr, scd: npth_init must be after fork. + + commit eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d + * agent/gpg-agent.c (thread_init_once, initialize_modules): New. + (main): Make sure no daemonizing-fork call after npth_init, and no npth + calls before npth_init, with care of npth calls by assuan hooks. + * dirmngr/dirmngr.c (thread_init): New. + (main): Make sure npth_init must not be called before daemonizing fork. + * scd/scdaemon.c (main): Likewise. + +2016-09-30 Werner Koch <wk@gnupg.org> + + agent: Remove the warning for the GKR hijacking. + + commit a43739a2456a38c01704d8a52dca441055e29bc6 + * g10/call-agent.c (check_hijacking): Remove. + (start_agent): Remove call. + + agent: Create the extra sockets in the standard socket dir. + + commit 80cc16e0728256f6b07a12980e1f3512cf2324fa + * agent/gpg-agent.c (main): Take the socketdir in account for the + default sockets. + * tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and + "agent-browser-socket". + + agent: Kludge to allow disabling of the extra sockets. + + commit 95cf7afff074613825f4442fa131145a2c0d3cf7 + * agent/gpg-agent.c (main): Check for special socket names. + + wks: Avoid long trustdb checks. + + commit de67055aff916455cec89fab1d95177d3b383008 + * tools/wks-receive.c (verify_signature): Use --always-trust. + +2016-09-30 Justus Winter <justus@g10code.com> + + build: Fix build against libiconv. + + commit 6054e8aaecbd355bb7559697eecaadf2225189b8 + * agent/Makefile.am: Add INCICONV and LIBICONV. + * common/Makefile.am: Likewise. + * tools/Makefile.am: Likewise. 
+ + agent: Enable restricted, browser, and ssh socket by default. + + commit e11686f973b35869d7b299ce4726003ac22e2e3a + * agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and + 'browser-socket', enable ssh socket by default, but do not emit the + 'SSH_AUTH_SOCK' variable unless it has been explicitly requested. + * configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions. + * doc/gpg-agent.texi: Update documentation. + + w32: Fix STARTTLS on LDAP connections. + + commit 8d37018050373a47566bf8ea0d894da20ed292c7 + * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against + <winldap.h>. + +2016-09-29 Werner Koch <wk@gnupg.org> + + wks: Partly implement draft-koch-openpgp-webkey-service-02. + + commit 33800280da55a859e08dfa57f29144c89dd1bead + * tools/gpg-wks.h (WKS_RECEIVE_DRAFT2): New. + * tools/wks-receive.c: Include rfc822parse.h. + (struct receive_ctx_s): Add fields PARSER, DRAFT_VERSION_2, and + MULTIPART_MIXED_SEEN. + (decrypt_data): Add --no-options. + (verify_signature): Ditto. + (new_part): Check for Wks-Draft-Version header. Take care of text + parts. + (wks_receive): Set Parser and pass a flag value to RESULT_CB. + * tools/gpg-wks-client.c (read_confirmation_request): New. + (main) <aRead>: Call read_confirmation_request instead of + process_confirmation_request. + (command_receive_cb): Ditto. Add arg FLAGS.. + (decrypt_stream_status_cb, decrypt_stream): New. + (command_send): Set header Wks-Draft-Version. + * tools/gpg-wks-server.c (struct server_ctx_s): Add field + DRAFT_VERSION_2. + (sign_stream_status_cb, sign_stream): New. + (command_receive_cb): Set draft flag. + (send_confirmation_request): Rework to implement protocol draft + version 2. + + * tools/gpg-wks.h (DBG_MIME_VALUE, DBG_PARSER_VALUE): New. + (DBG_MIME, DBG_PARSER, DBG_CRYPTO): New. Use instead of a plain + opt.debug where useful. + * tools/gpg-wks-client.c (debug_flags): Add "mime" and "parser". + * tools/gpg-wks-server.c (debug_flags): Ditto. 
+ + tools: Convey signeddata also to the part_data callback in mime-parser. + + commit c738f92c195d91662ddc7848cc3c92c7f091f1f8 + * tools/mime-parser.c (mime_parser_parse): Factor some code out to ... + (process_part_data): new. + ((mime_parser_parse): Also call process_part_data for signed data. + + tools: Allow retrieval of signed data from mime-maker. + + commit f776757ea94542e2f425840dddaf3e65b0ff7757 + * tools/mime-maker.c (find_part): New. + (mime_maker_get_part): New. + + tools: Change mime-maker to write out CR,LF. + + commit 29db3be6e8dbc9b4dd52cd1781106fa9fa3954a5 + * tools/mime-maker.c (struct part_s): Add field PARTID. + (struct mime_maker_context_s): Add field PARTID_COUNTER. + (dump_parts): Print part ids. + (mime_maker_add_header): Assign PARTID. + (mime_maker_add_container): Ditto. + (mime_maker_get_partid): New. + (write_ct_with_boundary): Remove. + (add_header): Strip trailing white spaces. + (write_header): Remove trailing spaces trimming. Add arg BOUNDARY. + Handle emdedded LFs. + (write_gap, write_boundary, write_body): New. + (write_tree): Use new functions. + + tools: Simplify the mime-maker container creation. + + commit 95d60c6ce9e8a7a7741553af957978c1f91547c5 + * tools/mime-maker.c (struct part_s): Remove field MEDIATYPE. + (release_parts): Ditto. + (dump_parts): Print a body line only if tehre is a body. + (mime_maker_add_header): Check for body or container. + (mime_maker_add_container): Remove arg MEDIATYPE. Change all callers. + (mime_maker_end_container): New. + + tools: Give mime parser callbacks access to the rfc822 parser. + + commit 4ac138c84d0f344ca9442f90c96f0e1f76062a4a + * tools/mime-parser.c (mime_parser_context_s): Add field MSG. + (parse_message_cb): Set it. + (mime_parser_rfc822parser): New. + * tools/mime-parser.h: Declare rfc822parse_t for the new prototype. + +2016-09-29 Justus Winter <justus@g10code.com> + + dirmngr: Fix STARTTLS on LDAP connections. 
+ + commit 9e6f8a55ed04f876635792125858ee76a948802a + * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix unfortunate typo. + +2016-09-28 Werner Koch <wk@gnupg.org> + + gpg: Improve WKD by importing only the requested UID. + + commit cbf2ac66692daa7a324108724698d60d6c7e473f + * g10/keyserver.c: Include mbox-util.h. + (keyserver_import_wkd): Do not use the global import options but + employ an import filter. + + gpg: Reject import if an import filter removed all user ids. + + commit 80393661bdfa7ae0288644513575e8a5d708b084 + * g10/import.c (any_uid_left): New. + (import_one): Check that a UID is left. + + gpg: Make import filter data object more flexible. + + commit c9237bf2ba2c49588576dcece756ebf5fe89aada + * g10/main.h (import_filter_t): New. + * g10/import.c (struct import_filter_s): Declare struct. + (import_keep_uid, import_drop_sig): Replace by ... + (import_filter): new. Adjust all users. + (cleanup_import_globals): Move code to ... + (release_import_filter): new. + (save_and_clear_import_filter): New. + (restore_import_filter): New. + + gpg: Make sure that internal key import is done with a binary stream. + + commit 829949f3823c2306022928ce782f9c9d9c5f1cc8 + * g10/import.c (import_keys_internal): Open stream in binary mode. + +2016-09-27 Justus Winter <justus@g10code.com> + + build: Do not link gpg-connect-agent against npth. + + commit 20a16833ee2bb05f735377f705899302bcf2b4d3 + * tools/Makefile.am: Do not link gpg-connect-agent against npth. + + build: Fix check for resolver library on macOS. + + commit 2e64ccb0f96d615b1eb87e37f230a5d761aa9c36 + * configure.ac: Check for the mangled name of 'dn_skipname' first. + + common: Correctly handle modules relying on npth. + + commit 2b23a321ac0b07beeac1dfa8d71f223e66c49b71 + * common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'. + (with_npth_sources): New variable. + (libcommonpth_a_SOURCES): Use the new variable. + +2016-09-27 NIIBE Yutaka <gniibe@fsij.org> + + agent, sm: Set CTX after start_agent. 
+ + commit 4e4843e735f32b5e79a51d8062da55bfaab6ad77 + * g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent. + * sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign) + (gpgsm_agent_readkey, gpgsm_agent_scd_serialno) + (gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted) + (gpgsm_agent_passwd, gpgsm_agent_get_confirmation) + (gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key) + (gpgsm_agent_export_key): Likewise. + + dirmngr: Removal of no-libgcrypt.o. + + commit 836b72363168cbb0051fc2356f61788468db211c + * dirmngr/Makefile.am (dirmngr_ldap_LDADD): Remove no-libgcrypt.o. + + agent: Allow only specific digest size for ECDSA. + + commit 98bc6f480ac973dccce90378dc021a2e24e58704 + * agent/pksign.c (do_encode_dsa): Fix validation of digest size. + +2016-09-22 Neal H. Walfield <neal@g10code.com> + + g10: When adding a user id, make sure the keyblock has been prepared. + + commit df5353b95eefc13135e7df50a7c197f270d6080d + * g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on + KEYBLOCK before adding the user id. + * tests/openpgp/quick-key-manipulation.scm: Make sure that the key + capabilities don't change when adding a user id. + (key-data): New function. + +2016-09-20 Justus Winter <justus@g10code.com> + + tests: Add documentation, make interactive debugging possible. + + commit 7e0379a75475abfd15e0623913795779ff0f40d7 + * tests/openpgp/README: Add documentation about debugging and + interfacing with GnuPG. + * tests/openpgp/run-tests.scm (test::run-sync): Hand stdin to the + child so that we can use a repl in the tests. + + tests: Port the quick key manipulation test to Scheme. + + commit 6c4c0e3ac2aeafba7a2b7c2dd92a18be8aec92b1 + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/quick-key-manipulation.scm: New file. + + tests: Remove list of tests from the test runner. + + commit 49fae88fd170f2bdc12a1794a2637260e3c73a73 + * tests/openpgp/run-tests.scm: Drop hardcoded list. 
+ + tests: Reduce runtime of excessive test. + + commit 988a04b98d42ff9cc9e62007ebcc0e4c03f4047d + * tests/openpgp/conventional-mdc.scm: Use only two plaintexts when + iterating over all cipher algorithms. + + dirmngr: Fix type. + + commit 285d193f1e1464495bce57bd0f323468515b4513 + * dirmngr/dns-stuff.c (get_dns_cert): Fix type in fallback code. + +2016-09-20 Andre Heinecke <aheinecke@intevation.de> + + dirmngr: Open file CRL's in binary mode. + + commit 4644c27514f34f5efc555d43672a25088a611a72 + * dirmngr/crlcache.c (crl_cache_load): Open file in binary mode. + +2016-09-20 NIIBE Yutaka <gniibe@fsij.org> + + doc: Fix a xref usage. + + commit b9b4ff857034df51e055ceddce567ca97e94e075 + + +2016-09-20 Ineiev <ineiev@gnu.org> + + doc: Do not end section names with "." + + commit 8078d8246fa38c3e478fc9a542117468780ace00 + + +2016-09-20 NIIBE Yutaka <gniibe@fsij.org> + + doc: minor fix for @xref. + + commit 9c1b3bc25a1b38c4eda31bf12ccc10d94bb05212 + * doc/yat2m.c (proc_texi_cmd): Captalize "see" for xref. + +2016-09-20 Justus Winter <justus@g10code.com> + + doc: Implement simple '@ref'erences. + + commit 91d5e6f805aaf24a3f1f03a95998f757dce04cb2 + * doc/yat2m.c (proc_texi_cmd): Handle '@ref'. + +2016-09-20 Ineiev <ineiev@gnu.org> + + doc: Fix full stops. + + commit 0eaab1af48f600b636183321e4a4e9c6bc361610 + * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, + doc/instguide.texi, doc/scdaemon.texi, doc/specify-user-id.texi, + doc/tools.texi: Fix. + + doc: Fix spacings. + + commit 32bcf8b73ede9c8f1469821a54dedc6be75241d2 + * doc/debugging.texi, doc/dirmngr.texi, doc/gpg-agent.texi, + doc/gpg.texi, doc/tools.texi: Fix. + + doc: Improve markup. + + commit 377624207e9b2895ce00dfc4d1163d72f349841f + * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, + doc/howto-create-a-server-cert.texi, doc/scdaemon.texi, + doc/specify-user-id.texi, doc/tools.texi: Fix. + + doc: Replace rfc0123 with RFC-0123. 
+ + commit 9d2b7bff12b268638465da222ca7cc9042bba072 + * doc/gpg.texi, doc/gpgsm.texi, doc/specify-user-id.texi: Fix. + + doc: Add missing description of datafile. + + commit 789916281c25e737d8fb44add5ca61f8fd25de2f + * doc/gpg.texi: Fix. + + doc: Replace UTF8 with UTF-8. + + commit 00d6d8bc8772e48b6f200d359e11eb93ab65f51f + * doc/gpg.texi: Fix. + + doc: Fix mistakes. + + commit f25e04005af5831053ba194a09e3afa48d1e162b + * doc/dirmngr.texi, doc/gpg.texi, doc/gpgsm.texi, + doc/howto-create-a-server-cert.texi, + doc/scdaemon.texi, doc/tools.texi: Fix. + + doc: Eliminate inconsistent UK English. + + commit 825c1dfb3ee4c1704f42eaf064161b9731c20134 + * doc/dirmngr.texi, doc/gpg-agent.texi, doc/scdaemon.texi, + doc/tools.texi: Fix. + + doc: Use the right reference commands. + + commit f32689f833838a742243e94c900e98f5b59a5811 + * doc/debugging.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, + doc/tools.texi: Fix. + + doc: Fix "Not(e) that you can(not) abbreviate". + + commit 20a27d8a57c4c990fcada4278a1ce2e6fc9043e9 + * doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, + doc/scdaemon.texi, doc/tools.texi: Fix. + + doc: Fix typos. + + commit fa346508fe323e61cf157ee30c13301e1d2117c0 + * doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi + * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi + * doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi + * doc/specify-user-id.texi, doc/tools.texi: Fix. + + doc: Fix Martin Hellman's name. + + commit 858af2b3473e436af53470d53cdac334edce9f09 + * doc/contrib.texi: Fix. + +2016-09-19 Justus Winter <justus@g10code.com> + + tests: Refine the repl function. + + commit 884e78efe1f3ba50513bf81c8b4804d22b25eac4 + * tests/gpgscm/repl.scm (repl): Add an argument 'environment'. + (interactive-repl): Add an optional argument 'environment'. + + tests: Implement interpreter shutdown using exceptions. + + commit 9a0659a65c52378de1c4736a0eddf8518eb20948 + * tests/gpgscm/ffi.c (ffi_init): Rename 'exit' to '_exit'. 
+ * tests/gpgscm/ffi.scm (*interpreter-exit*): New variable. + (throw): New function. + (exit): New function. + + tests: Correctly handle exceptions in resource handling macros. + + commit 58007e52593e6b0f838de2e464ceeacf22757018 + * tests/gpgscm/tests.scm (letfd): Correctly release resources when an + exception is thrown. + (with-working-directory): Likewise. + (with-temporary-working-directory): Likewise. + (lettmp): Likewise. + + tests: Refine exception handling. + + commit ab483eff9a8254adf127cdee178e14ba74f0a2b3 + * tests/gpgscm/init.scm (catch): Bind all arguments to '*error*' in + the error handler, update and fix comment. + (*error-hook*): Revert to original definition. + * tests/gpgscm/tests.scm (tr:do): Adapt accordingly. + * tests/openpgp/issue2419.scm: Likewise. + + tests: Use descriptive temporary file names. + + commit 83a406b38a21d0eeb4963db824a27783c212d2fb + * tests/gpgscm/ffi.c (do_get_isotime): New function. + (ffi_init): Add parameter 'scriptname', bind new function and + scriptname. + * tests/gpgscm/ffi.h (ffi_init): Update prototype. + * tests/gpgscm/main.c (main): Hand in the script name. + * tests/gpgscm/tests.scm (mkdtemp): Use current time and script name + for the names of temporary directories. + +2016-09-19 Werner Koch <wk@gnupg.org> + + gpg: Fix regression in fingerprint printing. + + commit 998643666c016dbacf10f813c22efc97deadec65 + * g10/keylist.c (list_keyblock_print): Do not depend calling + print_fingerprint on opt.keyid_format. + + dirmngr: Silence diagnostics about starting housekeeping. + + commit 5bf1facc973eb6e0bfab0f8f17129534dec56e04 + * dirmngr/dirmngr.c (housekeeping_thread): Print info only in very + verbose mode. + +2016-09-19 Justus Winter <justus@g10code.com> + + g10: Fix memory leak. + + commit 086d219d96caa3501048aff82a282481e07c195b + * g10/tofu.c (build_conflict_set): Free 'kb_all'. + +2016-09-19 Werner Koch <wk@gnupg.org> + + doc: Update license information. 
+ + commit 3899041cd2877ce9584c7bd149f232f35a07c399 + * tests/fake-pinentries/COPYING: Rename to ... + * COPYING.CC0: this. Add a note on the scope of this license. + * COPYING.LIB: Add a note on the scope of this license. + * AUTHORS (License): Mention CC) license. + + gpgscm: Fix gcrypt version check. + + commit 47baeac50ccaaf06dc8b0cebece50f47754de6ca + * tests/gpgscm/main.c (main): Check against required and not installed + version. + + gpg: Avoid malloc failure due to no key signatures. + + commit 18bbefa27f9e47e1062ee4d7af09487632795ba7 + * g10/keyedit.c (check_all_keysigs): Check early for no key + signatures. Use xtrycalloc. + +2016-09-17 NIIBE Yutaka <gniibe@fsij.org> + + Fix comment and format. + + commit 7305d27f36148a7fb8c2f4ef5b94774cbd21b18e + * agent/protect-tool.c (main): Fix comment. + * doc/DETAILS (colon listings): Fix list. + * tests/openpgp/multisig.test: Fix comment. + +2016-09-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + Fix more spelling. + + commit 0d67241e317b172a258a910c02d90639e2b08fce + * NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c, + agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c, + common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS, + doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi, + doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, + doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c, + g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c, + g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c, + sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt, + tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm, + tests/openpgp/multisig.test, tests/openpgp/verify.scm, + tests/pkits/README, tools/applygnupgdefaults, + tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c: + minor spelling cleanup. + + move some file encodings to UTF-8. 
+ + commit 215180d1ce6c93e2b4969d746c83ac4c055d25ef + * dirmgnr/cdblib.c: comment used unnecesary hyphenation + * dirmngr/crlcache.h: comment was iso-8859-1 + * doc/contrib.text: list contributors using UTF-8 (now we can + acknowledge many more people using their preferred orthography) + + At least one other files remains in a non-UTF-8 encoding, which i'm + not sure what to do with: + + - build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs + it that way? + +2016-09-16 Neal H. Walfield <neal@g10code.com> + + g10: On failure, propagate the return code. + + commit 6e930f0e4077bc7aa3d28b1ba649a82d62427d87 + * g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC. + + g10: Don't ignore failure. On failure, rollback. + + commit 221b0bd0e5946edaea7135bc3b6f3c5c0fc6dbca + * g10/tofu.c (tofu_set_policy): If record_binding fails, fail. If the + function fails, rollback the transaction. + + g10: Load the key block if the supplied user id list is NULL. + + commit c2e563421e4fd4f0910642aa7b171bcf0b374b01 + * g10/tofu.c (tofu_register_encryption): Load the key block if + USER_ID_LIST is NULL. + + g10: Use the accessor functions for accessing and comparing key ids. + + commit af196342bf44ce6dc42111d37539dec7ee3b3d82 + * g10/tofu.c (get_trust): Use the pk_main_keyid accessor function. + (tofu_register_signature): Likewise. + (tofu_register_encryption): Likewise. + (tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp. + +2016-09-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + po: convert localizations to UTF-8. 
+ + commit 4ab8107063b641ed74fc4c9bf98304bcea573178 + * po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po: convert to UTF-8 + + This was an automated conversion process, using: + + for x in po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po; do + cs=$(grep charset= $x | cut -f2 -d= | cut -f1 -d\\) + iconv -f $cs -t UTF-8 < $x >$x.tmp + sed "s/$cs/UTF-8/" < $x.tmp > $x + rm -f $x.tmp + done + +2016-09-16 NIIBE Yutaka <gniibe@fsij.org> + + scd: Add support of ECC pubkey attribute. + + commit dd06d33655bc872a6310edac8e448419479d3312 + * scd/app-openpgp.c (ECC_FLAG_PUBKEY): New. + (send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher) + (parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK. + (build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN. + Support offering public key when ECC_FLAG_PUBKEY sets. + (ecc_writekey): Supply ECC_Q and ECC_Q_LEN. + (parse_algorithm_attribute): Parse pubkey-required byte. + +2016-09-15 Justus Winter <justus@g10code.com> + + g10: Add missing header. + + commit c0e620cee86b5dacc941964bd187bba0dfa90eea + * g10/trustdb.c: Include 'mbox-util.h'. + +2016-09-15 Neal H. Walfield <neal@g10code.com> + + g10: Only consider bindings matching the signer's user id. + + commit 3f7f7447316f57d002d683af4ad30ac5730b9ebe + * g10/trustdb.c (tdb_get_validity_core): If the signer's user id + subpacket is present, only consider matching user ids. + + g10: Don't include the signature when printing a binding's validity. + + commit dcc64663051f8af82abc11e2699649c3b35936db + * g10/mainproc.c (check_sig_and_print): When printing information + about a binding don't include the current signature. + +2016-09-15 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + tests/fake-pinentries: fake pinentries for downstream developers. + + commit 3248182d1b5a03098ee797c980fa0f0ec06e716f + * tests/fake-pinentries/README.txt and + tests/fake-pinentries/fake-pinentry.{sh,py,pl,php}}: New public + domain (CC0) files to encourage better test suite practices from + downstream developers. 
+ * tests/fake-pinentries/COPYING (new): a copy of + https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt + + spelling: conenction should be connection. + + commit 167273ee9d3c04f29835aa2d12fde52eebf61efb + * dirmngr/server.c, sm/server.c: s/conenction/connection/ + + spelling: correct achived to achieved. + + commit 7fafc3c49901c118b47d4d13a41fb3575c1f9e4b + + +2016-09-15 NIIBE Yutaka <gniibe@fsij.org> + + tests/gpgscm: Fix use of pointer. + + commit 68eb5fbd37c31ed7c0c916656131eea7bb58d13d + * tests/gpgscm/scheme-private.h (struct scheme): Use (void *) for + alloc_seg. + * tests/gpgscm/scheme.c (alloc_cellseg): Use (void *) for cp. Use + (void *) for coercion of address calculation. + +2016-09-14 Neal H. Walfield <neal@g10code.com> + + g10: Fix whitespace. + + commit 9799b5d18f8fd29872b75c4d70d370af2b4e9a89 + * g10/tofu.c (show_statistics): Fix whitespace. + + g10: Correctly compute the euclidean distance. + + commit 05b2b13efd8ecea86d31af863cbf82c8b38dc94f + * g10/tofu.c (write_stats_status): Correctly compute the euclidean + distance. + (show_statistics): Likewise. + + g10: Change the default TOFU policy for UTKs to good. + + commit ca91caabb5798f67c69ee96657c7cb402e7db0df + * g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to + good. + + g10: Add missing static qualifier. + + commit 9d62b79e62ef2690e6522fe1621140fbfc10695c + * g10/tofu.c (cross_sigs): Add missing static qualifier. + + g10: Default to the "good" TOFU policy for keys signed by a UTK. + + commit 8df8aa13c795e400324a782fbaea578c8f2a1398 + * g10/tofu.c (signed_by_utk): New function. + (get_trust): If a key is signed by an ultimately trusted key, then + set any bindings to good. + +2016-09-14 Werner Koch <wk@gnupg.org> + + gpg: Emit a new error status line in --quick-adduid. + + commit f4e11f2e9e8f58fd5f0df3148e6d7ccef0f84232 + * g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing + user id. + + gpg: Allow use of "default" algo for--quick-addkey. 
+ + commit 0fd332bc1f6f1f10c96da0cc91203925d3ac81eb + * g10/keygen.c (quick_generate_keypair): Write a status error. + (parse_algo_usage_expire): Set a default curve. + +2016-09-13 Werner Koch <wk@gnupg.org> + + gpg: Improve usability of --quick-gen-key. + + commit 30a011cfd6ec172cc460e59f0904a26fe2d68632 + * g10/keygen.c (FUTURE_STD_): New constants. + (parse_expire_string): Handle special keywords. + (parse_algo_usage_expire): Allow "future-default". Simplify call to + parse_expire_string. + (quick_generate_keypair): Always allow an expiration date. Replace + former "test-default" by "future-default". + +2016-09-12 Werner Koch <wk@gnupg.org> + + gpg: Avoid mixing up status and colon line output. + + commit 31fc420727f45dd081f8ad5d056da6675dad29f2 + * g10/keylist.c (list_keyblock_colon): Avoid calling functions which + trigger a status line output before having printed a LF. + +2016-09-12 Justus Winter <justus@g10code.com> + + tests: Simplify tofu test. + + commit aa81e32df7189c3eb44d4c602fd63f5b3f6a9e49 + * tests/openpgp/tofu.scm: Simplify now that we only have one db + format. + +2016-09-10 Ben Kibbey <bjk@luxsci.net> + + Portability build fix. + + commit eddcba038025cdbd58aaf67cafd6d83f0ea042d5 + * kbx/Makefile.am: Add NETLIBS. + * dirmngr/Makefile.am: Ditto for dirmngr_ldap. + + Fix symbol conflict. + + commit 937ec53eff290c3d916faebc23218c9272671c02 + * g10/gpgcompose.c: Rename struct siginfo to signinfo. + +2016-09-09 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: print fingerprint regardless of keyid-format. + + commit d757009a24eb856770fc3a3729e2f21f54d2a618 + * g10/keylist.c (print_fingerprint): use compact format independent of + keyid-format; (print_key_line): always print the fingerprint + +2016-09-08 Werner Koch <wk@gnupg.org> + + gpg: Remove option --yes from gpgv. + + commit 30a9f53a0f2af6b98c26b8ddc0b4b87c38416f2a + * g10/gpgv.c (opts): Remove --yes. + (main): Always set opt.ANSWER_YES. + + gpg: Add options --output and --yes to gpgv. 
+ + commit a8363b7d0bcc77b55226d5fe8f972214c968ddc3 + * g10/gpgv.c (oOutput, oAnswerYes): New. + (opts): Add --output and --yes. + (main): Implement options. + + gpg: Make --output work with --verify. + + commit bbe940c095f2bca7a1ca5f8e68ca1af98350a885 + * g10/mainproc.c (proc_plaintext): Handle opt.output. + +2016-09-07 Werner Koch <wk@gnupg.org> + + dirmngr: Terminate on deletion of the socket file (Linux only). + + commit 6308c300196ae85fd82ed383217219e0206640a4 + * dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h. + (oDisableCheckOwnSocket): New. + (opts): Add --disable-check-own-socket. + (disable_check_own_socket): New var. + (parse_rereadable_options): Set that var. + (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New. + (handle_connections) [HAVE_INOTIFY_INIT]: New. + +2016-09-07 Neal H. Walfield <neal@g10code.com> + + g10: Use the time a signature was seen, not the embedded time, for stats + + commit bde29a46cedbbd2a5dfe7c91a6277c0a4ff50825 + * g10/tofu.c (ask_about_binding): Use the time that a signature was + seen, not allegedly generated, when generating statistics. + + tests: Don't use --tofu-db-format. + + commit a937eef2d4e80cd43095802176d3db5e7fd94008 + * tests/openpgp/tofu.scm: Remove use of --tofu-db-format, which is + deprecated. + + g10: Check for a new binding a bit later. + + commit ee06b3f7889bd99c28ac68f4781bda77d67eed00 + * g10/tofu.c (build_conflict_set): Check for the current key after + looking for conflicts and removing any '!'. + + g10: Change TOFU code to respect --faked-system-time. + + commit 7b3e8572e3bb8a65d20577a48009251fdc7b1910 + * g10/tofu.c (record_binding): New parameter now. Update callers. + Don't use SQLite's strftime('%s','now') to get the current time, use + NOW. + (ask_about_binding): Likewise. + (get_trust): New parameter now. Update callers. + (show_statistics): Likewise. + (tofu_register_signature): Don't use SQLite's strftime('%s','now') to + get the current time, use gnupg_get_time(). 
+ (tofu_register_encryption): Likewise. + + g10: Use the correct conversion function. + + commit 56c18408d4955713d9c4e634367c7912d6564651 + * g10/tofu.c (show_statistics): Use string_to_ulong, not + string_to_long. + +2016-09-07 Werner Koch <wk@gnupg.org> + + gpg: Fix format string issues in tofu. + + commit 97a67d42dc946b2d6ed81723d86e37002b5931b3 + * g10/tofu.c (write_stats_status): Use ulong for MESSSAGES. Fix + format strings. Simplify by using the new write_status_printf. + +2016-09-06 Neal H. Walfield <neal@g10code.com> + + g10: Make sure some functions are passed a primary key. + + commit 13ddc17ddb266d74033d5739fec932034fa85c72 + * g10/tofu.c (get_trust): Make sure the caller provides a primary key. + (tofu_register_signature): Likewise. + + g10: Tweak TOFU's verbosity. + + commit ee19eacd1d688d3a98cd66e5ef2f42079eb829f1 + * g10/tofu.c (time_ago_str): Only show the most significant unit. + * g10/tofu.c (show_statistics): Tweak the output. + + g10: Only show the TOFU warning once per key. + + commit 67cef405cbfad2e53fc388dd6591ee4f7cb0d973 + * g10/tofu.c (show_statistics): Return whether to call show_warning. + Move the warning from here... + (show_warning): ... to this new function. + (tofu_get_validity): If show_statistics returns a non-zero value, call + show_warning. + + g10: Record and show statistics for encrypted messages when using TOFU. + + commit 875ac9216f1383851a82bd240cadb17c7112f6a8 + * g10/tofu.c: Include "sqrtu32.h". + (struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to + get_trust_gather_signature_stats. Add new field + get_trust_gather_encryption_stats. + (initdb): Create the encryptions table. + (ask_about_binding): Show the encryption statistics too. + (tofu_register): Rename from this... + (tofu_register_signature): ... to this and update callers. + (tofu_register_encryption): New function. + (write_stats_status): Add parameters encryption_count, + encryption_first_done and encryption_most_recent. Update callers. 
+ Compute the trust using the euclidean distance of the signature and + signature count. Compare with twice the threshold. Include + encryption count information in the TFS and TOFU_STATS lines. + (show_statistics): Also get information about the encrypted messages. + * g10/trustdb.c (tdb_get_validity_core): Use it. + + g10: Simplify the binding statistics shown for a TOFU conflict. + + commit a9e6db6c7e23d9f4b8de59f5cabbf9eb6a59e626 + * g10/tofu.c (ask_about_binding): Simplify binding statistics. + +2016-09-06 Justus Winter <justus@g10code.com> + + gpgscm: Fix detection of unbalanced parenthesis. + + commit f2249b737055f84842778285bbeff5e61fa55225 + * tests/gpgscm/main.c (load): Print error message. + * tests/gpgscm/scheme.c (opexe_0): Correctly report nesting level when + loading files. + + tests: Fix test. + + commit 213b3cf465fb091dc0a205d1a08b88b950ffb85f + * tests/openpgp/multisig.scm: Add missing parenthesis. + +2016-09-06 Werner Koch <wk@gnupg.org> + + agent: Terminate on deletion of the socket file (Linux only). + + commit 650356148af43ea619bec12e599a4981b147d5f8 + * configure.ac (AC_CHECK_FUNCS): Chec for inotify_init. + * agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h. + (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New. + (handle_connections) [HAVE_INOTIFY_INIT]: New. + +2016-09-05 Justus Winter <justus@g10code.com> + + tests: Speed up the test suite. + + commit 46c4333c372f0e1ad2aadc411490c2a330b4c5a6 + * tests/openpgp/run-tests.scm (test::run-sync): Pass additional + arguments to the test. + (test::run-sync-quiet): Likewise. + (test::run-async): Likewise. + (run-tests-{parallel,sequential}-isolated): Create a tarball of the + gnupghome, then extract it for each test. + * tests/openpgp/setup.scm: Refactor into functions, add an interface + to tar-up the created environment, and untar it multiple times. + + common: Restore a simpler variant of 'gnupg_wait_process'. 
+ + commit c97bde2dfeab23a84b4788d998934ac49ff5b797 + * common/exechelp-posix.c (gnupg_wait_process): Use the code prior to + 5ba4f604. + + common: Fix error handling. + + commit 845e2cc201d6a2cdb151e39e29516d26cb49311c + * common/exechelp-posix.c (store_result): Use xtrymalloc. + (gnupg_wait_processes): Likewise, and check result. + +2016-09-05 Neal H. Walfield <neal@g10code.com> + + g10: Don't add user attributes to the TOFU DB. + + commit 9082bde01cc18e32504ce39d55ea6dd3c05dddec + * g10/trustdb.c (tdb_get_validity_core): Skip user attributes. + +2016-09-05 Werner Koch <wk@gnupg.org> + + agent: Silence --debug IPC output for connections from self. + + commit 0b99d1fd2a80b8efaacc731027d2b2ecd9eca699 + * agent/command.c (server_local_s): Add fields 'greeting_seen' and + 'connect_from_self'. + (io_monitor): Do not log connections from self. + (start_command_handler): Set flag 'connect_from_self'. + * agent/gpg-agent.c (check_own_socket_thread): Disable logging. + (do_start_connection_thread): Do not log conection start and + termination if IPC debugging is enabled. + + agent: Small improvement of the server's local state. + + commit 2eeb5551c37659fdd59e8537fc77a9e7fb6a9204 + * agent/command.c (sserver_local_s): Change flags to use only one bit. + (option_handler): Make an atoi return 1 or 0. + +2016-09-05 Neal H. Walfield <neal@g10code.com> + + g10: Refactor cross sig check code. + + commit 1f1f56e606c1cb28eec68c60bd8bcb7ab30805de + * g10/tofu.c (BINDING_NEW): New enum value. + (BINDING_CONFLICT): Likewise. + (BINDING_EXPIRED): Likewise. + (BINDING_REVOKED): Likewise. + (ask_about_binding): Move cross sig check from here... + (get_trust): ... and the conflict set building from here... + (build_conflict_set): ... to this new function. + (format_conflict_msg_part1): Replace parameter conflict with + conflict_set. Drop parameter fingerprint. Update callers. + (ask_about_binding): Drop unused parameter conflict and redundant + parameter bindings_with_this_email_count. 
Rename parameter + bindings_with_this_email to conflict_set. Update callers. + +2016-09-05 Justus Winter <justus@g10code.com> + + tests: Update README. + + commit 65a7563edbbab8f93fe901f932065687508788de + * tests/openpgp/README: Update. + + tests: Pass flags to test driver. + + commit 059c79d8b447a3baa9ad0b4d3367bdb64dd2ef3b + * tests/openpgp/Makefile.am (xcheck): Pass flags to 'run-tests.scm'. + + common: Improve waiting for processes on POSIX. + + commit e33111fcdac08ed2ddfbdf59b1f790569b42f695 + * common/exechelp-posix.c (struct terminated_child): New definition. + (terminated_children): New variable. + (store_result): New function. + (get_result): Likewise. + (gnupg_wait_process): Store results that were not requested and + consider previously stored results. + + waitpid(2) may return information about terminated children that we + did not yet request, and there is no portable way to wait for a + specific set of children. As a workaround, we store the results of + children for later use. + +2016-09-05 Werner Koch <wk@gnupg.org> + + dirmngr: Exclude D lines from the IPC debug output. + + commit de623474db3ba402c9bbd872ab6f932f46cbdde9 + * dirmngr/dirmngr.h: Include asshelp.h. + * dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields. + (data_line_write): Implement logging inhibit. + (data_line_cookie_close): Print non-logged D lines. + (cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines. + (dirmngr_assuan_log_monitor): New. + * dirmngr/dirmngr.c (main): Register monitor function. + + common: Add an assuan logging monitor. + + commit 0ac671f8a2b65a4b339f615c6420287a549779fa + * common/asshelp.c (my_log_monitor): New var. + (my_libassuan_log_handler): Run that monitor. + (setup_libassuan_logging): Add arg to set a log monitor and change all + callers. + + gpg: New export filter drop-subkey. + + commit 0a4a03e5310946b0866a0f6a34031eda7a240162 + * g10/import.c (impex_filter_getval): Add properties for key packets. 
+ * g10/export.c (export_drop_subkey): New var. + (cleanup_export_globals): Release that var. + (parse_and_set_export_filter): Add filter "drop-subkey". + (apply_drop_subkey_filter): New. + (do_export_stream): Run that filter. + + common: Add string operator gt,ge,le,lt to recsel. + + commit 959cd8903fd012e63dbb156db56708dd3934b5df + * common/recsel.c (recsel_parse_expr): Add them. + (recsel_dump): Print them. + (recsel_select): Evaluate them. + + gpg: Use a common filter_getval for import and export. + + commit c8e0d37f4152d1341ef562a190fce93a0386a759 + * g10/import.c (filter_getval): Rename to ... + (impex_filter_getval): this. Make global. + (apply_keep_uid_filter, apply_drop_sig_filter): Adjust. + * g10/export.c (filter_getval): Remove. + (apply_drop_sig_filter): Use impex_filter_getval. + +2016-09-03 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix an action after card removal. + + commit f9e49c80e706a27d5e30d4b3237ff26367a67130 + * scd/command.c (update_card_removed): Call apdu_close_reader here. + +2016-09-02 Werner Koch <wk@gnupg.org> + + wks: Add framework for policy flags. + + commit 46362cbc0e2260e989820795a6e4245c72335172 + * tools/call-dirmngr.c (wkd_get_policy_flags): New. + * tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New. + * tools/wks-util.c (wks_parse_policy): New. + * tools/gpg-wks-client.c (command_send): Get the policy flags to show + a new info line. + * tools/gpg-wks-server.c (get_policy_flags): New. + (process_new_key): get policy flag and add a stub for "auth-submit". + (command_list_domains): Check policy flags. + + dirmngr: Add --policy-flags option to WKD_GET. + + commit 505ee45106d6aa2902bbdd6326f8eb7527c273c4 + * dirmngr/server.c (cmd_wkd_get): Add new option. + + common: Check read errors in name-value.c. + + commit fc445b36fafc8a4cc3ce5a675ac42df7a9d9a02a + * common/name-value.c: Check for read errors. + +2016-09-02 NIIBE Yutaka <gniibe@fsij.org> + + scd: Release the card reader after card removal. 
+ + commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 + * scd/command.c (update_reader_status_file): Call apdu_close_reader. + + scd: Clean up unused shutdown method. + + commit d1ae7103352fbda2a05f098379cd3043a0ab5566 + * scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove. + (reset_ccid_reader): Don't set shutdown_reader. + * scd/ccid-driver.c (ccid_shutdown_reader): Remove. + + agent: invoke scdaemon with --homedir. + + commit 8b6c0bae33bdc36892f4595806665ce61f77dfd2 + * agent/call-scd.c (start_scd): Supply --homedir option when it's not + default homedir. + + po: Update Japanese translation. + + commit afdfc954b35370fbf03aaf8dc0e496410923aa4e + + +2016-09-01 Neal H. Walfield <neal@g10code.com> + + g10: End transaction earlier. + + commit 85fad6c34c08b2850580e0644faba62d3a501b84 + * g10/tofu.c (ask_about_binding): End the transaction earlier. + + g10: Don't consider cross-signed keys to be in conflict. + + commit b410a3cb7683fc7c2a253e23130c44df42a6203c + * g10/tofu.c (cross_sigs): New function. + (ask_about_binding): If apparently conflicting keys are cross signed, + then don't mark them as conflicting. + +2016-09-01 Werner Koch <wk@gnupg.org> + + gpg: Avoid homedir creation by --list-config. + + commit 38d369de13acb95208a0ed8d1cf82ac19173688f + * g10/gpg.c (main): Do not register a key for the list config + commands. + + gpg: Simplify code to print VALIDSIG. + + commit fde9fa81d3d3b25a929b532cc1960d9d9f454a0c + * g10/mainproc.c (check_sig_and_print): Use hexfingerprint and + write_status_printf. + + gpg: Add new function write_status_printf. + + commit 6bdadae00512b4907826f6754cdb220d06e1ac6d + * g10/cpr.c (write_status_printf): New. + + gpg: Fix printing of pubkey algo in --verbose signature verify. + + commit 37e3c897252babc203447be9d2f286a4507875ad + * g10/sig-check.c (check_signature2): Replace arg PK by R_PK and + change the semantics. Also clear the other R_ args on function entry, + use gpg_error() and change retturn type to gpg_error_t. 
+ * g10/mainproc.c (do_check_sig): Add arg R_PK. + (list_node): Pass NULL for new arg. + (check_sig_and_print): Rework to make use of the returned PK. + +2016-09-01 Neal H. Walfield <neal@g10code.com> + + g10: When asking about a TOFU binding conflict, default to unknown. + + commit 3d44e5e8a8d1d8bf6cf5d387f50d75f84d804412 + * g10/tofu.c (ask_about_binding): Default to unknown. + + g10: Add support for TRUST_NEVER. + + commit f2e5cb6ffb55e49a05d452cd85e45f6f67c20abb + * g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be + returned by the TOFU trust model. + (do_we_trust_pre): Print a different message if TRUSTLEVEL is + TRUST_NEVER. + (check_signatures_trust): Improve comment. + + g10: Improve text. + + commit 0cb0ea1633955fb7acd33fe993a4ae4e96e83ae3 + * g10/tofu.c (show_statistics): Improve the text (key and user id, not + just key). + + g10: Remove unused parameter. + + commit 00c2850393ecc320f591f511c3534286964780c2 + * g10/tofu.c (show_statistics): Remove unused parameter sig_exclude. + Update callers. + +2016-09-01 Werner Koch <wk@gnupg.org> + + gpg: Copy the correct digest for use by TOFU. + + commit 3e67b50490aef087b5769bb35145d23f6657780f + * g10/mainproc.c (do_check_sig): Use the current digest algo. + +2016-09-01 Neal H. Walfield <neal@g10code.com> + + g10: Be careful to not be in a transaction during long operations. + + commit 4cbd2a690c5e5ed2dff49c1f4fc867b31fca689a + * g10/tofu.c (begin_transaction): New parameter only_batch. If set, + only start a batch transaction if there is none and one has been + requested. Update callers. + (tofu_suspend_batch_transaction): New function. + (tofu_resume_batch_transaction): Likewise. + (ask_about_binding): Take a ctrl_t, not a tofu_dbs_t. Update + callers. Gather statistics within a transaction. Suspend any batch + transaction when getting user input. + (get_trust): Take a ctrl_t, not a tofu_dbs_t. Update callers. + Enclose in a transaction. 
+ (tofu_get_validity): Use a batch transaction, not a normal + transaction. + +2016-09-01 Werner Koch <wk@gnupg.org> + + tests: Run test requiring the network only in maintainer-mode. + + commit babeb6f8a9b1f8341652145bad58be6cd49e0712 + * dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests. + (module_tests): Move t-dns-test to ... + (module_net_tests): here. + +2016-08-31 Werner Koch <wk@gnupg.org> + + wks: Send a final message to the user. + + commit 04c042f3f2a631bc6e772c33f8da5e7aa7b1902a + * tools/gpg-wks-server.c (send_congratulation_message): New. + (check_and_publish): Call it. + + wks: Relax permission check for the top directory. + + commit e4eac16330449f3893c11820c15e07d58fb807ff + * tools/gpg-wks-server.c: Allow S_IXOTH for the top directory. + +2016-08-31 Neal H. Walfield <neal@g10code.com> + + g10: On a TOFU conflict, show whether the uids are expired or revoked. + + commit edfb6934caf16c6afcfd82d684d8ae9c79674d10 + * g10/tofu.c (struct signature_stats): Add fields is_expired and + is_revoked. + (signature_stats_prepend): Clear *stats when allocating it. + (ask_about_binding): Also show whether the user ids are expired or + revoked. + + doc: Add a help text for tofu.conflict. + + commit b69b2cb082e39a7eb56082fa80219f6f14fbd2b4 + * doc/help.txt (.gpg.tofu.conflict): New help text. + + g10: Always trust ultimately trusted keys. + + commit 28c235ae757e9036b0b96efc28931fa5cc74f7ee + * g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately + trusted keys. + + g10: Fix error detection. + + commit 5b48960a8a2555db7bf992261de9e922838c9913 + * g10/tofu.c: first_seen == 0 is not an error. + + g10: Update a key's TOFU policy in a transaction. + + commit e4d5e3cb0d10e8f77c7100d42cfdb32051de1c18 + * g10/tofu.c (tofu_set_policy): Do the update in a transaction. + * g10/gpg.c (main): Do a TOFU policy update in a batch transaction. + + g10: Fix the show old policy functionality when changing a TOFU policy. 
+ + commit 247eef005cf4c34e9a82227e4ab7823e04911be4 + * g10/tofu.c (record_binding): Fix the show old policy functionality. + + g10: Drop unused argument. + + commit 70df5a8fd781d8774d835384ca28c4d8518bb9d0 + * g10/tofu.c (begin_transaction): Remove unused option only_batch. + + gpg: Move state local to tofu.c to a private structure. + + commit 268f6b7a3403d036882b4af384ba7ab2f8c8355f + * g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction + and batch_update_started from here... + * g10/tofu.c (struct tofu_dbs_s): ... to here. + + gpg: Avoid name spaces clash with future sqlite versions (2). + + commit b8184d2d74e5ddd5eb68836b53fe5568110e14dd + * g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to + GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG + to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and + SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB. + +2016-08-31 Werner Koch <wk@gnupg.org> + + gpg: Fix regression in gpgv's printing of the keyid. + + commit 76304a971fe507ea659b952932ea899463ab7166 + * g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT. + +2016-08-30 Neal H. Walfield <neal@g10code.com> + + g10: Improve TOFU batch update code. + + commit 371ae66e9d5c7524431773c4a479fcae1ea3b652 + * g10/gpg.h (tofu): Rename field batch_update_ref to + batch_updated_wanted. + * g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to + in_batch_transaction. + (begin_transaction): Only end an extant batch transaction if we are + not in a normal transaction. When ending a batch transaction, really + end it. Update ctrl->tofu.batch_update_started when starting a batch + transaction. + (end_transaction): Only release a batch transaction if ONLY_BATCH is + true. When releasing a batch transaction, assert that there is no + open normal transaction. Only allow DBS to be NULL if ONLY_BATCH is + true. + (tofu_begin_batch_update): Don't update + ctrl->tofu.batch_update_started. 
+ (opendbs): Call end_transaction unconditionally. + + g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER. + + commit d0451440c036106895a291f9ca1c53c2d5159f8f + * g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired) + user ids, change TOFU to return TRUST_NEVER. + + g10: Change tofu_register & tofu_get_validity to process multiple uids. + + commit 6052c147091935fc0321ba24f4a44146df70ef01 + * g10/tofu.c (tofu_register): Take a list of user ids, not a single + user id. Only register the bindings, don't compute the trust. Thus, + change return type to an int and remove the may_ask parameter. Update + callers. + (tofu_get_validity): Take a list of user ids, not a single user id. + Update callers. Observe signatures made by expired user ids, but + don't include them in the trust calculation. + + g10: Support nested transactions on the TOFU DB. + + commit 33e97813d72996d22a295773c64261f5588ce9dd + * g10/gpg.h (struct server_control_s): New field in_transaction. + * g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and + savepoint_inner_commit. + (begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION. Name the + savepoint according to the nesting level. + (end_transaction): Name the savepoint according to the nesting level. + Decrement CTRL->TOFU.IN_TRANSACTION. + (rollback_transaction): Likewise. Only ever rollback a non-batch + transaction. + (opendbs): Assert that there are no outstanding transactions. + + g10: Print the info text in more situations. + + commit 4c2abb221b29c9e8e0876fe986472b562ee1c99f + * g10/tofu.c (ask_about_binding): Print the info text when the policy + is ask and there are multiple bindings with the email address. + + g10: Print the formatted text. + + commit 0858f141a8b8d0c098a0c6097176b7225c4a9db8 + * g10/tofu.c (ask_about_binding): Print the formatted text, not the + unformatted text. + + g10: When showing a user id's trust, pass the current signature. 
+ + commit 8dda861ad80228da76cd5c97467008c87b8b6eee + * g10/mainproc.c (check_sig_and_print): Consistently pass SIG to + get_validity. + +2016-08-29 Werner Koch <wk@gnupg.org> + + w32: Fix build regression due to 2aa0701. + + commit 8b3e691ffbaaa218d309d5aaf8f37532308558ff + * common/logging.c (fun_writer): Always declare 'name_for_err'. + + gpgconf: Print the plain socket directory with --list-dirs. + + commit 8e3fa5a4b205c534de2142e5d071712f957cf06a + * tools/gpgconf.c (list_dirs): Add plain socketdir out. + + common: Add a default socket name feature. + + commit 2aa0701013f703ad93e17da3345c493c08aa04ee + * common/logging.c (log_set_socket_dir_cb): New. + (socket_dir_cb): New. + (set_file_fd): Allow "socket://". + (fun_writer): Implement default socket name. + * common/init.c (_init_common_subsystems): Register default socket. + + gpg: Make decryption of -R work w/o --try-secret-key or --default-key. + + commit bdbd03608b6f508ac4732f9986a046de8a85a311 + * g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all + cases not just when --try-all-secrets is used. + +2016-08-25 Werner Koch <wk@gnupg.org> + + gpg: Fix false negatives in Ed25519 signature verification. + + commit 0a5a854510fda6e6990938a3fca424df868fe676 + * g10/pkglue.c (pk_verify): Fix Ed25519 signatrue values. + * tests/openpgp/verify.scm (msg_ed25519_rshort): New + (msg_ed25519_sshort): New. + ("Checking that a valid Ed25519 signature is verified as such"): New. + + common: Rename an odd named function. + + commit 74a082bc10960b2d65d4d1e31152f988a40a2225 + * common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519. + (openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519. Change + callers. + + gpg: New option --with-tofu-info. + + commit 19d12be3cea5b4ee8153287a2f2442913a5e07a1 + * g10/gpg.c (oWithTofuInfo): New. + (opts): Add --with-tofu-info. + (main): Set opt.with_tofu_info. + * g10/options.h (struct opt): Add field WITH_TOFU_INFO. 
+ * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter + special mode if not NULL. Change all callers. + (tofu_write_tfs_record): New. + * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as + part of the "uid" record. Print a new "tfs" record if the new option + is set. + * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record. + +2016-08-24 Werner Koch <wk@gnupg.org> + + gpg: Change TOFU_STATS to return timestamps. + + commit 0f1f02acc1cdcc2cf74a97b05507bb1f062f8af2 + * g10/tofu.c (write_stats_status): Add arg FP to print a colon + formated line. Adjust for changed TOFU_STATS interface. + (show_statistics): Let the query return timestamps and use + gnupg_get-time to compute the "time ago" values. + + common: Guarantee that gnupg_get_time does not return an error. + + commit 5eb2682686b32bd82096924eeabd0c5bd347adfd + * common/gettime.c (gnupg_get_time): Abor if time() failed. + (gnupg_get_isotime): Remove now useless check. + (make_timestamp): Remove check becuase we already checked this modulo + the faked time thing. + + wks: Add command --supported to gpg-wks-client. + + commit 460568d341851ac79dd100e00e4eafcac1318148 + * tools/gpg-wks-client.c (aSupported): New. + (opts): Add --supported. + (parse_arguments): Ditto. + (main): Call command_supported. + (command_supported): New. + +2016-08-22 Werner Koch <wk@gnupg.org> + + wks: Install gpg-wks-client under libexec. + + commit c47386a11a32c5ed3b5a31fad5c3e9a9a020ca7b + * tools/Makefile.am (bin_PROGRAMS): Move gpg-wks-client to ... + (libexec_PROGRAMS): ...here. + + common: Remove unused vars in simple-pwquery. + + commit 62f3e0027724b23c0de5be6d1e66cfdeef7e7bc9 + * common/simple-pwquery.c (agent_send_option): Remove unused vars. + (simple_query): Ditto. + (agent_open): Ditto. Return RC on error. + (simple_pwquery): Remove unused vars. Remove shadowing of 'p'. + +2016-08-18 Werner Koch <wk@gnupg.org> + + Release 2.1.15. 
+ + commit 6bee88dd067e03e7767ceacf6a849d9ba38cc11d + + + po: Update German translation. + + commit 0a32153316855224acda268edb60b80d4e64b12f + + +2016-08-18 Åka Sikrom <a4@hush.com> + + po: Update Norwegian translation. + + commit ec88d7c8a9af864fad8ab5e0b9c4eb90ddcdd630 + + +2016-08-18 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 6f6bfbf175653faa5cf560a7174e81a599247e80 + + +2016-08-18 Werner Koch <wk@gnupg.org> + + gpg: Add import filter "drop-sig". + + commit 1b55e864421f88b8c8088639682767076abbeab0 + * g10/import.c (import_drop_sig): New variable. + (cleanup_import_globals): Release that. + (parse_and_set_import_filter): Add filter "drop-sig". + (filter_getval): Implement properties for drop-sig. + (apply_drop_sig_filter): New. + (import_one): Apply that filter. + + dirmngr: Remove all system daemon features. + + commit d83ba4897bf217d1045c58d1b99e52bd31c58812 + * dirmngr/dirmngr.h (opts): Remove fields 'system_service' and + 'system_daemon'. + * common/homedir.c (dirmngr_sys_socket_name): Remove. + (dirmngr_user_socket_name): Rename to ... + (dirmngr_socket_name): this. Change call callers. + * common/asshelp.c (start_new_dirmngr): Remove the system socket + feature. + * tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket". + * sm/server.c (gpgsm_server): Adjust for removed system socket feature. + * dirmngr/server.c (cmd_getinfo): Ditto. + (cmd_killdirmngr): Remove check for system daemon. + (cmd_reloaddirmngr): Ditto. + * dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro. + (aService): Remove. + (opts): Remove --service. + (w32_service_control): Remove. + (real_main, call_real_main) [W32]: Remove wrapper. + (main): Remove Windows system service feature. Remove system dameon + feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file. + * dirmngr/certcache.c (load_certs_from_dir): Remove warning in the + system dameon case. + * dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d". 
+ * dirmngr/ocsp.c (validate_responder_cert): Do not call + validate_cert_chain which was used only in system daemon mode. + * dirmngr/validate.c (validate_cert_chain): Always use the code. + + gpg: New option --sender. + + commit de6e3217cde81df370926571e0fd65e468619803 + * g10/options.h (struct opt): Add field 'sender_list'. + * g10/gpg.c: Include mbox-util.h. + (oSender): New. + (opts): Add option "--sender". + (main): Parse option. + +2016-08-16 Werner Koch <wk@gnupg.org> + + agent: Allow import of overly large keys. + + commit b5d63e81d5c472647decc7687cef91fee0378eb8 + * agent/command.c (MAXLEN_KEYDATA): Double the size. + +2016-08-14 Werner Koch <wk@gnupg.org> + + g13: Allow the use of a g13tab label for --mount. + + commit f02ceb6c6e94c6fbfaeeafe728397be38107de4d + * g13/mount.c (g13_mount_container): Do not run the first access check + if syshelp is required. + + g13: Implement --umount for dm-crypt. + + commit b781113cf1391926dedf8dc943624d3bb9726318 + * g13/g13.c (main): Implement command --umount. + * g13/mount.c (g13_umount_container): use the syshelper if needed. + * g13/backend.c (be_umount_container): New. + * g13/be-dmcrypt.c (be_dmcrypt_umount_container): New. + * g13/call-syshelp.c (call_syshelp_run_umount): New. + * g13/sh-cmd.c (cmd_umount): New. + (register_commands): Register UMOUNT. + * g13/sh-dmcrypt.c (sh_dmcrypt_umount_container): New. + +2016-08-13 Werner Koch <wk@gnupg.org> + + g13: Fix double free bug. + + commit c9a0bccc77c93c08d6980a1718dfaf238a559eb9 + * g13/sh-cmd.c (cmd_mount, cmd_resume): Do not xfree TIUPLES. + + g13: Consider g13tab for a mount command. + + commit 700920640211168ae1c97d0adef74ba8615d90bb + * g13/sh-cmd.c (cmd_getkeyblob): New. + (register_commands): Register it. + * g13/call-syshelp.c (getkeyblob_data_cb): New. + (call_syshelp_get_keyblob): New. + * g13/mount.c: Include callsyshelp.h. + (g13_mount_container): Ask syshelp whether the filename is managed by + g13tab. 
Call syshelp to get the encrypted keyblob in this case. + + g13: Move some function around. + + commit 37e932658cbd873ac96ff7e2067a97dffc2e0507 + * g13/keyblob.c (g13_keyblob_decrypt): Move to ... + * g13/server.c: to here. + * g13/suspend.c, g13/mount.c: Include server.h. + * g13/Makefile.am (g13_syshelp_SOURCES): Add keyblob.c + + g13: New command --find-device. + + commit b57f55321295846d47144bd6b39fbbcac0127421 + * common/status.h (STATUS_BLOCKDEV: New. + * g13/call-syshelp.c: Include "call-syshelp.h". + (finddevice_status_cb, call_syshelp_find_device): New. + * g13/g13.c (aFindDevice): New. + (opts): Add "--find-device". + (main): Implement --find-device. + * g13/sh-cmd.c (cmd_finddevice): New. + (register_commands): Register new command. + +2016-08-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + Avoid leading ": " in the log output when there are no prefixes. + + commit 3a75ff65fba24ea2d024bd8fef633ab7d8f7d520 + * common/logging.c (do_logv): When no prefixes have been requested, + omit the ": " separator, since there is nothing on the left-hand + side of it. + + Call log_set_prefix() with human-readable labels. + + commit 61c2a1fa6d6cb345f9d81f4bdd3f8f8ddac1ea3e + * agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c + * dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c + * g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c + * tests/gpgscm/main.c, tools/gpg-check-pattern.c + * tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c + * tools/symcryptrun.c: Invoke log_set_prefix() with + human-readable labels. + +2016-08-11 Werner Koch <wk@gnupg.org> + + gpg: New option --input-size-hint. + + commit 70b5d7c43a57a44dad60c2c700a263610748d8f4 + * g10/options.h: Include stdint.h. + (struct opt): Add field 'input_size_hint'. + * g10/gpg.c (oInputSizeHint): New. + (opts): Add --input-size-hint. + (main): Set opt.input_size_hint. + * g10/progress.c (write_status_progress): Use the hint. + + common: New function string_to_u64. 
+ + commit 0698324cde3e0cef7eeb6cfd1640c5eefdf13698 + * common/stringhelp.c (string_to_u64): New. + * dirmngr/http.c (longcounter_t): Remove. + (struct cookie_s): Change content_length to uint64_t. + (parse_response): Use string_to_u64. + +2016-08-11 Justus Winter <justus@g10code.com> + + common: Remove compatibility code. + + commit 72fa314b71e4ce8780f59b16d32cabf5d4bd5451 + * common/Makefile.am: Drop deleted files. + * common/w32-afunix.c: Delete file. + * common/w32-afunix.h: Likewise. + + common: Rework the simple password query module. + + commit 14479e2515439c73e385f37e8c2b3fc517b038b9 + * common/simple-pwquery.c (writen, readline): Drop. + (agent_send_option, agent_send_all_options, agent_open): Just use + libassuan. + (simple_pw_set_socket): Simplify. + (default_inq_cb): New function. + (simple_pwquery, simple_query): Just use libassuan. + * agent/Makefile.am (gpg_preset_passphrase_LDADD): Add libassuan. + * tools/Makefile.am (symcryptrun_LDADD): Likewise. + + common: Remove simple password query error codes. + + commit 9e6503b7ce019aa417099ded1dda87b68c33f912 + * common/simple-pwquery.h: Remove mapping function. Move all + definitions of status codes... + * common/simple-pwquery.c: ... here, and define them to meaningful gpg + error values. + * agent/preset-passphrase.c (preset_passphrase): Use error code as-is. + (forget_passphrase): Likewise. + * tools/symcryptrun.c (confucius_get_pass): Likewise. + +2016-08-10 Werner Koch <wk@gnupg.org> + + gpg: Print the signer's UID during verification. + + commit ed5c1b0b8a4790c4fb36a3129387f7c2ef5db302 + * g10/parse-packet.c (parse_signature): Sanitize the value stored in + SIGNERS_UID. + * g10/mainproc.c (issuer_fpr_string): New. + (check_sig_and_print): Print the signers' UID. Print the issuer + fingerprint in --rfc4880bis mode. + + common: New function try_make_printable_string. + + commit f2ea7e539c9a22081e3159dcbca84f57f30724ca + * common/stringhelp.c (sanitize_buffer): Remove. Move code to ... 
+ * common/miscellaneous.c (try_make_printable_string): new. + (make_printable_string): Call try_make_printable_string. + +2016-08-10 Justus Winter <justus@g10code.com> + + tests: Fix distcheck. + + commit a6acf1f6b39c5a607f61f643a5d21309ba58685d + * tests/openpgp/issue2417.scm: Copy configuration. + +2016-08-10 Werner Koch <wk@gnupg.org> + + gpg: Remove tofu database format "split". + + commit 5b59999ce0dd1650ebe47a74a30ded6af00eeed3 + * g10/options.h (struct opt): Remove field tofu_db_format. + * g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and + tofu.batch_update_started. + * g10/gpg.c (parse_tofu_db_format): Remove. + (main): Make option --tofu-db-format obsolete. + * g10/tofu.c: Major rework. Remove the pretty complicated and slower + split format and with that all the caching. Use the dbs struct + directly. Move global vars for batch update into CTRL. Change + calling conventions of some function to take CTRL or DBS pointers + instead of the former low-level database pointer. + +2016-08-10 Justus Winter <justus@g10code.com> + + g10: Fix opening of trust database. + + commit a27410a251cd25ca96cd6743969c4db0a0fd553f + * g10/tdbio.c (tdbio_set_dbname): This function explicitly checks for + the file size, but handled the case of a zero-sized file incorrectly + by returning success. Fix this by initializing the database in that + case. + * tests/openpgp/Makefile.am (XTESTS): Add new test. + * tests/openpgp/issue2417.scm: New file. + + tests: Fix distcheck. + + commit 194b1e979c7c547afd0dfea5b2496bdfa34b20f1 + * tests/openpgp/Makefile.am (EXTRA_DIST): Explicitly add setup and + teardown scripts now that they no longer are included in the list of + tests. + + tests: Improve temporary directory handling. + + commit d9240a3a4688c263632b4168ae2e04363bc91a3a + * tests/gpgscm/ffi.c (ffi_init): Rename 'mkdtemp'. + * tests/gpgscm/tests.scm (mkdtemp): New function that uses a sensible + location and template if no arguments are given. 
+ (with-temporary-working-directory): Simplify accordingly. + (make-temporary-file): Likewise. + * tests/openpgp/run-tests.scm (run-tests-parallel-isolated): Likewise. + (run-tests-sequential-isolated): Likewise. + + gpgscm: Make the name of foreign functions more unique. + + commit efe973dab7f69e2b1309446b2fbcd47ce0305399 + * tests/gpgscm/ffi-private.h (ffi_define_function_name): Add another + underscore. + + tests: Run each test in a clean environment. + + commit e13f1ea8fff3964dc3008432f5c0f26aaa2eaa35 + * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Drop obsolete + variables, add 'srcdir', use absolute paths. + (TESTS): Rename to 'XTESTS' to avoid emitting the automake test + runner. Drop 'setup.scm' and 'finish.scm'. + (xcheck): New target that runs 'run-tests.scm', our Scheme test suite + runner. It will run each test in a clean environment, isolated from + the other tests. + (EXTRA_DIST): Adapt accordingly. + * tests/openpgp/README: Likewise. + + tests: Make ssh test more robust. + + commit b2b21580b68f3a9069562f99675b389a0d044713 + * tests/openpgp/ssh.scm: Drop the 'MD5:' which was not printed by + previous ssh versions. + +2016-08-10 NIIBE Yutaka <gniibe@fsij.org> + + agent: SSH support fix. + + commit f14795d57f6c81709e9225dd3c5dfd3495cf1b2b + * agent/command-ssh.c (ssh_handler_request_identities): Keep error + message same. + +2016-08-09 Werner Koch <wk@gnupg.org> + + agent: Fix regression in recent ssh changes. + + commit e630f904993725c54ec63be00369589b7b7234d2 + * agent/command-ssh.c (sexp_key_construct): Lowercase the algo name. + + gpg: Extend the PROGRESS line to give the used unit. + + commit 16feb1e0ea9b5d3966f22f4ae047335b9d1b60e1 + * g10/progress.c (write_status_progress): Print the units parameter. + +2016-08-09 Ben Kibbey <bjk@luxsci.net> + + Cleanup initialization of libgcrypt. + + commit 49829c29e541546084950b8a153067db371d101a + * common/init.c (init_common_subsystems): Initialize libgcrypt. 
+ * dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt. + +2016-08-09 NIIBE Yutaka <gniibe@fsij.org> + + agent: SSH support improvement. + + commit ebf24e3b29766595204355d82f435a3e675bfbbc + * agent/command-ssh.c (ssh_handler_request_identities): Skip a key with + error, not giving up to handle the request itself. + * agent/cvt-openpgp.c (extract_private_key): Support "ecdsa" key. + +2016-08-08 Werner Koch <wk@gnupg.org> + + gpg: Cleanup of dek_to_passphrase function (part 2). + + commit 491d6fdabb3d95905cd96d905e1f965ce8ff07e1 + * g10/passphrase.c (passphrase_get): Remove arg KEYID. Change arg + MODE to NOCACHE. + (passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO. Split arg + MODE into CREATE and NOCACHE. Change all callers and adjust stubs. + (passphrase_clear_cache): Remove args KEYID and ALGO. They are not + used. Change caller. + + gpg: Cleanup of dek_to_passphrase function (part 1). + + commit 5b614973fe2d4b5ef402a3057c31c3ef3042a483 + * g10/passphrase.c (passphrase_to_dek_ext): Remove args CUSTDESC and + CUSTPROMPT. Merge into the passphrase_to_dek wrapper. + (passphrase_get): Remove args CUSTOM_DESCRIPTION and CUSTOM_PROMPT. + +2016-08-08 NIIBE Yutaka <gniibe@fsij.org> + + agent: More clean up of SSH support. + + commit 591a8373a5d9567db9b1a1a48205e8a206c7b669 + * common/util.h (get_pk_algo_from_key): New. + * common/sexputil.c (get_pk_algo_from_key): The implementation. + * agent/gpg-agent.c: Remove include of openpgpdefs.h. + * agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO. + (ssh_key_types): Update with GCRY_PK_*. + (make_cstring, sexp_extract_identifier): Remove. + (sexp_key_construct): Use gcry_pk_algo_name to get ALGO string. + (ssh_key_to_blob): Use cadr to get value list. + (ssh_key_type_lookup): Lookup with integer ALGO. + (ssh_receive_key): Follow the change of ssh_key_type_lookup. + (ssh_send_key_public): Likewise. Use get_pk_algo_from_key to get ALGO. + + tests: Add openpgp/gpgv-forged-keyring.scm. 
+ + commit 7dcad0d3503ac0d75e09efb16246dd78518986fc + * tests/openpgp/gpgv-forged-keyring.scm: New. + * tests/openpgp/forged-keyring.gpg: New. + * tests/openpgp/Makefile.am (TESTS): Add gpgv-forged-keyring.scm. + * tests/openpgp/defs.scm (tools): Add GPGV. + (GPGV): New. + +2016-08-06 Werner Koch <wk@gnupg.org> + + agent: Fix long standing regression tracking the connection count. + + commit 40d16029ed8b334c371fa7f24ac762d47302826e + * agent/gpg-agent.c (get_agent_active_connection_count): New. + (do_start_connection_thread, start_connection_thread_ssh): Bump + ACTIVE_CONNECTIONS up and down. + * agent/command.c (cmd_getinfo): Add subcommand "connections". + +2016-08-06 NIIBE Yutaka <gniibe@fsij.org> + + agent: Clean up SSH support. + + commit 894789c3299dc47a8c1ccaaa7070382f0fae0262 + * agent/command-ssh.c (file_to_buffer): Remove. + (ssh_handler_request_identities): Use agent_public_key_from_file. + +2016-08-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: Avoid publishing the GnuPG version by default. + + commit c9387e41db7520d176edd3d6613b85875bdeb32c + * g10/gpg.c (main): initialize opt.emit_version to 0 + * doc/gpg.texi: document different default for --emit-version + +2016-08-04 Werner Koch <wk@gnupg.org> + + gpg: Make sure that keygrips are printed for each subkey. + + commit c8cc804f56bfefba46641f2c7078fcd67b494bae + * g10/keylist.c (list_keyblock_colon): Print an emprty grip in case of + an error. + + gpg: Always print the fingerprint in colons mode. + + commit 54a1ed20e203dcafeacbe21eb147efa08255dbf5 + * g10/keylist.c (list_keyblock_colon): Remove arg FPR. Always print + fingerprint records. For secret keys always print keygrip records. + + tests: Use gpgconf to set the ssh socket envvar. + + commit 0c2a745a2bc21e8f439930f7c0e5d1521c2fd44c + * tests/openpgp/ssh.scm ("SSH_AUTH_SOCK"): Use gpgconf. + + gpgconf: Add limited support for -0. + + commit db6f3eb926619dfe6ed2a9be197c51f9a1b6198c + * tools/gpgconf.h (opt): Add field 'null'. 
+ * tools/gpgconf.c: Add option --null/-0. + (list_dirs): Use it here. + +2016-08-04 Justus Winter <justus@g10code.com> + + tests: Update list of tests in Scheme test runner. + + commit 05cb30052cdf1d308ff7da901cfa5a809cd49479 + * tests/openpgp/run-tests.scm: Add missing tests. + + tests: Fix path to fake-pinentry. + + commit 3566544d04a4b81e5dd8a2883304673b2cc2f108 + * tests/openpgp/defs.scm: Correctly compute the path to fake-pinentry. + +2016-08-04 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit 89234f7f3643bad2daddc94569f1d651ec5c835e + + + po: update Japanese translation. + + commit 573e0f36190346e0263bea3ae12a389f4f598d55 + + + g10: Fix checking key for signature validation. + + commit 6f284e6ed63f514b15fe610f490ffcefc87a2164 + * g10/sig-check.c (check_signature2): Not only subkey, but also primary + key should have flags.valid=1. + +2016-08-03 Justus Winter <justus@g10code.com> + + kbx: Add missing header file. + + commit e3358b246d9380008a4ba7c8f2fe03659901adaf + * kbx/keybox-update.c: Add missing header file. + +2016-08-03 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + More cleanup of "allow to". 
+ + commit dc107b78509807db375d3a382eb3376cd2183357 + * README, agent/command.c, agent/keyformat.txt, common/i18n.c, + common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c, + dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE, + doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi, + doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt, + g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4, + m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po, + po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po, + po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po, + po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po, + po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po, + scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c, + sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to" + with clearer text. + + In standard English, the normal construction is "${XXX} allows ${YYY} + to" -- that is, the subject (${XXX}) of the sentence is allowing the + object (${YYY}) to do something. When the object is missing, the + phrasing sounds awkward, even if the object is implied by context. + There's almost always a better construction that isn't as awkward. + + These changes should make the language a bit clearer. + + dirmngr: Emit correct spelling of "superseded". + + commit 436b28c23194fa77919967338d5a61a82d242153 + * dirmngr/crlcache.c (list_one_crl_entry): Spell superseded correctly. + * dirmngr/ocsp.c (ocsp_invalid): Likewise. + + This might break some tools which parse the existing output and expect + misspellings, but i'm not sure there are many such tools, and we + should use standardized orthography going forward. + + Fix spelling and grammar. 
+ + commit cd45cf782b91ff0f6b023913963e5258ffcbf464 + * agent/learncard.c: s/coccured/occurred/ + * doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/, + s/reponses/responses/i + * doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows + to" to more conventional english usage. + * doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm, + tests/openpgp/armor.test: s/occured/occurred/ + * tools/gpgsplit.c: s/calcualting/calculating/ + * sm/server.c: s/formated/formatted/ + +2016-08-03 Werner Koch <wk@gnupg.org> + + gpg,gpgsm: Block signals during keyring/keybox update. + + commit 48a2c93a1886589d1a0e2a4a2173e0e81311200b + * kbx/keybox-util.c (keybox_file_rename): Add arg BLOCK_SIGNALS. + * kbx/keybox-update.c (rename_tmp_file): Block all signals when doing + a double rename. + * g10/keyring.c (rename_tmp_file): Block all signals during the double + rename. + + common: New file utilproto.c. + + commit 3a2421c94015432caa49e166bc5bf5c4f80ab7c7 + * common/util.h: Factor prototypes from signal.c out to ... + * common/utilproto.h: new. + * common/Makefile.am (common_sources): Add new file. + +2016-08-01 Justus Winter <justus@g10code.com> + + gpgsm: Fix machine-readable key listing. + + commit 40365b28c3fdf087fd58401f5a6f42f9d7d29d20 + * sm/keylist.c (list_cert_colon): Drop superfluous colon. + + tests: Distribute standalone test runner. + + commit c971ff0823d9a649b32fd9f169a12abc3095246e + * tests/openpgp/Makefile.am (EXTRA_DIST): Add missing file + 'run-tests.scm'. + +2016-07-28 Justus Winter <justus@g10code.com> + + tests: Fix distcheck. + + commit 9e799b0e4f131126b80a5d3272c36d52b8ba1720 + * tests/openpgp/Makefile.am (sample_msgs): New variable. + (EXTRA_DIST): Also ship the sample msgs. + +2016-07-27 Fredrik Fornwall <fredrik@fornwall.net> + + build: Fix check for Android. + + commit 583a464c62ce8f7d70f5fdab2c7ea73ec3348d69 + * configure.ac: Match other Android targets as well. 
+ +2016-07-26 Justus Winter <justus@g10code.com> + + common: Fix iobuf_peek corner case. + + commit b2572b0c386fd12ac6581fcce72f8d48cbfd27c7 + Previously, iobuf_peek on a file smaller than 'buflen' would hang. + + * common/iobuf.c (underflow): Generalize by adding a target parameter. + (iobuf_peek): Use this to prevent looping here. + * tests/openpgp/Makefile.am (TESTS): Add new test. + * tests/openpgp/setup.scm (dearmor): Move function... + * tests/openpgp/defs.scm (dearmor): ... here. + * tests/openpgp/issue2419.scm: New file. + * tests/openpgp/samplemsgs/issue2419.asc: Likewise. + + gpgscm: Do not shadow common function name in catch macro. + + commit 046338b8494c036a5e717130d3eadce0291126fc + * tests/gpgscm/init.scm (catch): Do not shadow 'exit'. + + tests: Fix distcheck. + + commit 66c0dab3c722c2766828515120775b106286334e + * tests/openpgp/Makefile.am (samplekeys): Add missing key. + + gpgscm: Make the verbose setting more useful. + + commit f17aecbcd98103fcd2ece537be96930f354de656 + * tests/gpgscm/ffi.c (do_get_verbose): New function. + (do_set_verbose): Likewise. + (ffi_init): Turn *verbose* into a function, add *set-verbose!*. + * tests/gpgscm/tests.scm (call): Adapt accordingly. + (call-with-io): Dump output if *verbose* is high. + (pipe-do): Adapt accordingly. + * tests/openpgp/defs.scm: Set verbosity according to environment. + * tests/openpgp/run-tests.scm (test): Adapt accordingly. + + common: Avoid excessive stack use. + + commit b3610badf691178bbbf0831af9aa6b6658c1948a + * common/exectool.c (copy_buffer_shred): Make passing NULL a nop. + (gnupg_exec_tool_stream): Allocate copy buffers from the heap. + + common: Rework resource cleanup when handling errors. + + commit 35132a8b119dbc3393ceb0d0874917905d1a6354 + * common/exectool.c (gnupg_exec_tool_stream): Rework error handling. + + common: Add unit test for exectool. + + commit fe40e9c53dc0710ff73e72d05ba8040874465b55 + * common/Makefile.am: Build new test. + * common/t-exectool.c: New file. 
+ +2016-07-25 Justus Winter <justus@g10code.com> + + g10: Fix key import statistics. + + commit 4ba11251aff578394000bf480f47160f0879c763 + 'transfer_secret_keys' collects statistics on a subkey-basis, while + the other code does not. This leads to inflated numbers when + importing secret keys. E.g. 'count' is incremented by the main + parsing loop in 'import', and again in 'transfer_secret_keys', leading + to a total of 3 if one key with two secret subkeys is imported. + + * g10/import.c (import_secret_one): Adjust to the fact that + 'transfer_secret_keys' collects subkey statistics. + * tests/openpgp/Makefile.am (TESTS): Add new test. + * tests/openpgp/issue2346.scm: New file. + * tests/openpgp/samplekeys/issue2346.gpg: Likewise. + +2016-07-22 Justus Winter <justus@g10code.com> + + gpgscm: Make function more general. + + commit 9ee23a715d5dad6bf568a2deb1c55bf15601cf51 + * tests/gpgscm/tests.scm (in-srcdir): Accept more path fragments. + + g10: Properly ignore legacy keys in the keyring cache. + + commit d9839c9d303a01dc1032a6de311e034fe14e81da + * g10/keyring.c (keyring_rebuild_cache): Properly ignore legacy keys + in the keyring cache. + * tests/migrations/Makefile.am (TESTS): Add new test. + * tests/migrations/common.scm (GPG-no-batch): New variable. + (run-test): New function. + * tests/migrations/issue2276.scm: New file. + * tests/migrations/issue2276.tar.asc: Likewise. + +2016-07-21 Justus Winter <justus@g10code.com> + + g10: Fix error handling. + + commit 45bb9a2a46e11bc13c6b39e7b4748b7de199018e + * g10/tofu.c (show_statistics): Fix error handling, 0 is a valid + duration. + + g10: Drop superfluous begin transaction. + + commit 8a6f8e1e397a2d676b211f2dbc6df4a80b67442d + * g10/tofu.c (record_binding): We only need a transaction for the + split format. + + gpgscm: Make assert macro more accurate. + + commit 699c6c9f4b44441ab3db7f942df5b81f4cd88b06 + * tests/gpgscm/lib.scm (assert): Print the representation of the + failed expression. 
+ + gpgscm: Make error message more useful. + + commit 7207b2fe45bcf884e029366a2677a570234bed2e + * tests/gpgscm/scheme.c (opexe_0): Include names of missing function + parameters in the error message. + + g10: Fix crash. + + commit 1af2fd44f0a66fd0d94c224319db0b128d42a288 + * g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the + cache limit. Previously, this would crash if db_cache_count == count. + +2016-07-20 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix card removal/reset on multiple contexts. + + commit 1598a4476466822e7e9c757ac471089d3db4b545 + * scd/app.c (application_notify_card_reset): Add message for debug. + *scd/command.c (update_card_removed): Call release_application and set + SLOT -1 here. + (struct server_local_s): Remove app_ctx_marked_for_release. + (do_reset): Don't mark release but call release_application here. + (open_card): Remove app_ctx_marked_for_release handling. + (update_reader_status_file): Don't set SLOT here, so that it can be + released the APP by application_notify_card_reset in + update_card_removed. + +2016-07-19 Justus Winter <justus@g10code.com> + + agent: Add known keys to sshcontrol. + + commit 270f7f7b8b235cc93516566702e2a1d256605cca + * agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol + even if it is already in the private key store. + * tests/openpgp/ssh.scm: Test this. + + tests: Add test for ssh support. + + commit d7a405de8325aa945ab791dcd3bc48272af33b86 + * tests/gpgscm/tests.scm (path-expand): New function. + * tests/openpgp/Makefile.am (TESTS): Add new test. + (sample_keys): Add new keys. + (CLEANFILES): Clean ssh socket and control file. + * tests/openpgp/fake-pinentry.c (main): Add a default passphrase. + * tests/openpgp/gpg-agent.conf.tmpl: Enable ssh support. + * tests/openpgp/samplekeys/ssh-dsa.key: New file. + * tests/openpgp/samplekeys/ssh-ecdsa.key: Likewise. + * tests/openpgp/samplekeys/ssh-ed25519.key: Likewise. + * tests/openpgp/samplekeys/ssh-rsa.key: Likewise. 
+ * tests/openpgp/ssh.scm: Likewise. + +2016-07-19 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix race conditions for release_application. + + commit 0c1fd4e9884ed7c1edd1819762b9e8a77f606ed3 + * scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling + release_application. + +2016-07-18 Justus Winter <justus@g10code.com> + + agent: Fix passphrase cache lookups. + + commit f474249366e8e143c8e6eb7f7b1a74056e46fa1f + CACHE_MODE_ANY is supposed to match any cache mode except + CACHE_MODE_IGNORE, but the code used '==' to compare cache modes. + + * agent/cache.c (cache_mode_equal): New function. + (agent_set_cache): Use the new function to compare cache modes. + (agent_get_cache): Likewise. + * tests/openpgp/Makefile.am (TESTS): Add new test. + * tests/openpgp/issue2015.scm: New file. + +2016-07-15 Justus Winter <justus@g10code.com> + + build: Always build gpgtar. + + commit 7f4dd24b880323a5b772719dafae829c288303a8 + We use gpgtar to unpack test data, hence we always build it. If the + user opts out, we simply don't install it. + + * configure.ac: Add comment. + * tests/migrations/Makefile.am (required_pgms): Make sure gpgtar is + built. + * tools/Makefile.am: Always build gpgtar, but do not install it if the + user used '--disable-gpgtar'. + +2016-07-15 Werner Koch <wk@gnupg.org> + + wks: Publish as binary file. + + commit b7b37716b9d2cd1b71b5f7f0e4fb2c1a43eee90a + * tools/gpg-wks-server.c (copy_key_as_binary): New. + (check_and_publish): Use new function instead of rename. + +2016-07-15 Justus Winter <justus@g10code.com> + + gpgscm: Fix linking. + + commit c49c43d7e4229fd9f1bc55e17fa32fdc334dbef6 + * tests/gpgscm/Makefile.am: Add -lintl. + + g10: Fix building without trust models. + + commit d21efa398874be4a15e8283c5fc382fb90f562fd + * g10/pkclist.c (write_trust_status): Fall back to the previous + behavior. + + tests: Check for gpgtar. + + commit 12a887050a560c4cacaf95e4cdb0cc42d8b87aa1 + * tests/migrations/extended-pkf.scm: Skip test if gpgtar is not built. 
+ * tests/migrations/from-classic.scm: Likewise. + * tests/openpgp/gpgtar.scm: Fix check for gpgtar. + +2016-07-14 Werner Koch <wk@gnupg.org> + + Release 2.1.14. + + commit 09c448202ffb4c26d7ec2028351a78e2d3680396 + + + po: Update the German translation. + + commit 23c2491f94b94fa231bde8187eb958432555eff1 + + +2016-07-14 Damien Goutte-Gattat <dgouttegattat@incenp.org> + + dirmngr: fix handling of HTTP redirections. + + commit 60428c24fb29cb633c9392abb777bc4da88dbfba + * dirmngr/ks-engine-http.c (ks_http_fetch): Reinitialize HTTP session + when following a HTTP redirection. + +2016-07-14 Werner Koch <wk@gnupg.org> + + gpg: Remove options --print-dane-records and --print-pka-records. + + commit 1e9bc66a9a60de668890452d504eea3c3c614f7e + * g10/gpg.c (main): Remove options but print a dedicated warning. + * g10/options.h (struct opt): Remove fields 'print_dane_records' and + 'print_pka_records'. + * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka. + (list_keyblock_pka): Remove. + +2016-07-14 Åka Sikrom <a4@hush.com> + + po: Complete update of the Norwegian translation. + + commit d6d7e4d218a1e2e2a88bc893b00967b032d194f8 + + +2016-07-14 Yuri Chornoivan <yurchor@ukr.net> + + Update Ukrainian translation. + + commit 9427288ebb32141c196996315f93535fd7744901 + + +2016-07-14 Ineiev <ineiev@gnu.org> + + Update Russian translation. + + commit 39c88870359bc75e9f72e08a7466fcff01bdc655 + + +2016-07-14 Werner Koch <wk@gnupg.org> + + gpg: Fix regression since 2.1 in --search-key with a fingerprint. + + commit 0342369ce001b9dba04dc79e7a4eb66fbda278e7 + * dirmngr/ks-engine-hkp.c (ks_hkp_search): Prefix fingerprint with 0x. + + gpgscm: Use kludge to avoid improper use of ffi_schemify_name. + + commit fb14bf0a95e361b0991067e3aea2902d54be811d + * tests/gpgscm/ffi.c (ffi_schemify_name): Use xstrdup instead of + strdup for now. + + build: Require latest released libraries. 
+ + commit c98995efefbdebea8f53d54ba2df4217dfd31ad4 + * agent/protect.c (OCB_MODE_SUPPORTED): Remove macro. + (do_encryption): Always support OCB. + (do_decryption): Ditto. + (agent_unprotect): Ditto. + * dirmngr/server.c (is_tor_running): Unconditionally build this. + +2016-07-13 Werner Koch <wk@gnupg.org> + + build: Update config.{guess,sub} to {2016-05-15,2016-06-20}. + + commit 66b634f27f10e4c0cb21c3f201998497d0bb24ca + * build-aux/config.guess: Update. + * build-aux/config.sub: Update. + + gpg: Fix regression due to the new --mimemode options. + + commit 3b8ed7650d2d63b01ec80ecf9e493b80e3ac7ef8 + * g10/gpg.c (opts): Re-add oTextmodeShort. + +2016-07-13 Daiki Ueno <ueno@gnu.org> + + gpg: Make --try-all-secrets work for hidden recipients. + + commit 82b90eee100cf1c9680517059b2d35e295dd992a + * g10/getkey.c (enum_secret_keys): Really enumerate all secret + keys if --try-all-secrets is specified. + +2016-07-13 Werner Koch <wk@gnupg.org> + + gpg: Do not print a the short keyid if the high word is zero. + + commit 7b96a8d736934e65bb2adbc17059f84dfeaf95fb + * g10/keyid.c (format_keyid): Always returh long keyid ifor KF_LONG. + + gpg: New option --mimemode. + + commit e148c3caa90fbadba32bdbfea9513392e3aea598 + * g10/gpg.c (oMimemode): New. + (opts): Add --mimemode. + (main): Use --mimemode only in rfc4880bis compliance mode. + * g10/options.h (struct opt): Add field "mimemode". + * g10/build-packet.c (do_plaintext): Allow for mode 'm'. + * g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested. + * g10/plaintext.c (handle_plaintext): Handle 'm' mode. + * g10/sign.c (write_plaintext_packet): Handle 'm' mode. + (sign_file, sign_symencrypt_file): Use 'm' if requested. + + wks: Use correct key for the confirmation. + + commit 95810929f75bd718dbdf2cd1c0181137a45e2456 + * tools/gpg-wks-client.c (send_confirmation_response): Actually + encrypt to the recipient. + + wks: New server command --list-domains. 
+ + commit 44ecc33b4a7147d9c112a72f55a42b65cef4fe67 + * tools/gpg-wks-server.c (aListDomains): New. + (opts): Add --list-domains. + (parse_arguments): Implement. + (main): Ditto. Use only one final diagnostic message. + (command_list_domains): New. + (check_and_publish): Remove directory creation. + (get_domain_list): New. + (expire_pending_confirmations): Rewrite using a list of directories. + (command_cron): Get domain list and pass to + expire_pending_confirmations. + +2016-07-13 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix envvars for UPDATESTARTUPTTY. + + commit 7be218177701af316db75057c99ca674d53cf585 + agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames + to get the list. + +2016-07-12 Werner Koch <wk@gnupg.org> + + g13: Fix memleak. + + commit acb27915f8646a875b6bb507ff46cd1bc330c02b + * g13/g13tuple.c (create_tupledesc): Init refcount to 1. + + wks: Add --cron command to gpg-wks-server. + + commit 38eb5f81d223616e3ee34bdfb41c387ce4e7df22 + * tools/gpg-wks-server.c (PENDING_TTL): New. + (expire_one_domain, expire_pending_confirmations): New. + (command_cron): New. + (main): Implement --cron. + + wks: Try to send an encrypted confirmation back. + + commit 5de41c4ecef32add89044b8a550a47cce8c6d61e + * tools/gpg-wks-client.c (encrypt_response_status_cb): New. + (encrypt_response): New. + (send_confirmation_response): Encrypt the response. + + * tools/gpg-wks-server.c (send_confirmation_request): Use freeing of + BODY and BODYENC. + + wks: Also create DANE record. + + commit d3837e0435921bfa5587a50738f5924a5fdf976a + * tools/gpg-wks-server.c (copy_key_as_dane): New. + (check_and_publish): Also publish as DANE record. + + gpg: Extend import-option import-export to print PKA or DANE. + + commit 9b075575cdc5851b019aed5ca5d5e18416beec8e + * g10/export.c (do_export_stream): Move PKA and DANE printing helper + code to ... + (print_pka_or_dane_records): this fucntion. 
+ (write_keyblock_to_output): Add arg OPTIOSN and call + print_pka_or_dane_records if requested. + + gpg: Move a function from import.c to export.c. + + commit 0f5b105d96780a29cc58893285e6c38482e0cc2d + * g10/import.c (write_keyblock_to_output): Move to ... + * g10/export.c (write_keyblock_to_output): here. Add arg WITH_ARMOR. + Also make sure never to export ring trust packets. + +2016-07-11 Werner Koch <wk@gnupg.org> + + gpgconf: Enhance --list-dirs. + + commit 7732b332886792b2bbf47ecf7430e953f1c55a2c + * tools/gpgconf.c (main) <aListDir>: Factor code out to ... + (list_dirs): new. Rewrite to use a table. Allow selection of a + items. Add "agent-ssh-socket". + +2016-07-09 NIIBE Yutaka <gniibe@fsij.org> + + gpgv: Tweak default options for extra security. + + commit e32c575e0f3704e7563048eea6d26844bdfc494b + * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on + cached status. Similarly, set opt.flags.require_cross_cert for backsig + validation for subkey signature. + +2016-07-07 Werner Koch <wk@gnupg.org> + + gpg: Add export options "export-pka" and "export-dane". + + commit cbe467e794f3be81b8da2bcb1732b5514b13b71d + * g10/options.h (EXPORT_PKA_FORMAT): New. + * g10/keylist.c (list_keyblock_pka): Do not use DANE flag. + * g10/export.c: Include zb32.h. + (parse_export_options): Add options "export-pka" and "export-dane". + (do_export): Do not armor if either of these option is set. + (print_pka_or_dane_records): New. + (do_export_stream): Implement new options. + + gpg: Split a too large export function. + + commit b05878f32aa507aa9087d7c992b630840b5ad71c + * g10/export.c (do_export_stream): Factor some code out to ... + (do_export_one_keyblock): new. + +2016-07-07 Justus Winter <justus@g10code.com> + + gpgscm: Capture output of spawned processes. 
+ + commit 2f61aa0ff11b194d20307751ab686c87cd47dd56 + * tests/gpgscm/tests.scm (call-check): Capture stdout and stderr, and + return stdout if the child exited successfully, or include stderr in + the error. + * tests/openpgp/version.scm: Demonstrate this by checking the stdout. + +2016-07-06 Werner Koch <wk@gnupg.org> + + doc: Escape file names in generated macros. + + commit 511c2522b95333226a5e45e538fed29dd44c9be3 + * doc/mkdefsinc.c (print_filename): New. + (main): Use it here. + + wks: Let the server take the encrytion key from the file. + + commit e5896da666551da5322b2ae5458d429b9e60241e + * tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to + 'keyfile'. + (store_key_as_pending): Add arg 'r_fname' to make of the keyfile. + (send_confirmation_request): Add arg 'keyfile'. + (process_new_key): Pass on the name of the keyfile. + + gpg: New options --recipient-file and --hidden-recipient-file. + + commit a479804c86bc24bfab101f39464db3ecfbaedf6d + * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. + (opts): Add options --recipient-file and --hidden-recipient-file. + (main): Implement them. Also remove duplicate code from similar + options. + * g10/keydb.h (PK_LIST_FROM_FILE): New. + (PK_LIST_SHIFT): Bump up. + * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. + (find_and_check_key): Add and implement arg FROM_FILE. + (build_pk_list): Pass new value for new arg. + * g10/getkey.c (get_pubkey_fromfile): New. + * g10/gpgv.c (read_key_from_file): New stub. + * g10/test-stubs.c (read_key_from_file): New stub. + * g10/server.c (cmd_recipient): Add flag --file. + * g10/import.c (read_key_from_file): New. + + * tests/openpgp/defs.scm (key-file1): New. + (key-file2): New. + * tests/openpgp/setup.scm: Add their private keys and import the + key-file1. + * tests/openpgp/encrypt.scm: Add new test. + + gpg: New option --no-keyring. + + commit 073be51a866cb5600479c504a44ae5ac94a449a2 + * g10/gpg.c (oNoKeyring): New. 
+ (opts): Add "--no-keyring". + (main): Do not register any keyring if the option is used. + + gpg: Document use of node flags in import.c and remove unused args. + + commit fdfde91595109e51a5b8fafd292244ad41dfb83d + * g10/import.c (NODE_GOOD_SELFSIG): New. Use instead of 1. + (NODE_BAD_SELFSIG): New. Use instead of 2. + (NODE_DELETION_MARK): New. Use instead of 4. + (NODE_FLAG_A): New. Use to mark new nodes in merge_blocks. + (chk_self_sigs): Remove unused args FNAME and PK. + (import_one): Adjust call. Simplify error return because + chk_self_sigs does not return an error code. + (append_uid, append_key, merge_sigs, merge_keysigs): Remove unsued + args FNAME and KEYID. + (merge_blocks, import_one, import_secret_one) + (import_revoke_cert): Remove unused arg FNAME. + + gpg: Get rid of an unused arg in a function in getkey.c. + + commit 7e0c48eb6f18a80142ca2a0f76fe8d270a4e5b33 + * g10/getkey.c (pk_from_block): Remove unused arg CTX. Change all + callers. + + gpg: Change calling convention for a function in getkey.c. + + commit 9385dfeb9dd6d83608a10c7896c341f585a25a2b + * g10/getkey.c (merge_selfsigs): Remove arg CTX. Add args REQ_USAGE + and WANT_EXACT. + (finish_lookup): Adjust caller. Set LOOKUP_NOT_SELECTED here... + (lookup): and not here. + +2016-07-05 Werner Koch <wk@gnupg.org> + + gpg: Fix possible out-of-bounds read in is_armored. + + commit 5d1a9c4dc823b418db6c4686da55ee3abdf023b0 + * g10/armor.c (check_input): Call is_armored only if LEN >= 2. + (unarmor_pump): Use a 2 byte buffer for is_armored. + +2016-07-05 Justus Winter <justus@g10code.com> + + tests: Honor environment variable 'TMP'. + + commit 8270580a5a70874beeffcdd16221937db4bcdc93 + This fixes problems with long socket names, e.g. when doing distcheck. + + * tests/gpgscm/tests.scm (path-join): New function. + (with-temporary-working-directory): Honor 'TMP'. + (make-temporary-file): Likewise. + * tests/migrations/Makefile.am (TMP): Default to '/tmp'. + (TESTS_ENVIRONMENT): Set 'TMP'. 
+ * tests/openpgp/Makefile.am (TMP): Default to '/tmp'. + (TESTS_ENVIRONMENT): Set 'TMP'. + + gpgscm: Improve robustness and compatibility. + + commit f26fe4f73e8430d93c03d95a8a24fdabd078bb20 + * tests/gpgscm/ffi.c (do_getenv): Avoid gccism. + (do_mkdtemp): Handle errors. + + tests/migrations: Fix distcheck. + + commit b70d08827ddb56423ad610b4ebaaaf9cc763512f + * tests/migrations/Makefile.am (TESTS): Rename test. + (TEST_FILES): Update list. + (EXTRA_DIST): Add common.scm. + * tests/migrations/common.scm (GPGTAR): New variable. + (dearmor): Rename and untar archive. + * tests/migrations/extended-private-key-format.scm: Rename. + (setup): Update. + * tests/migrations/extended-pkf.tar.asc: New file. + * tests/migrations/extended-private-key-format.gpghome: Delete. + * tests/migrations/from-classic.gpghome: Likewise. + * tests/migrations/from-classic.scm (setup): Update. + * tests/migrations/from-classic.tar.asc: New file. + + tools/gpgtar: Provide --create and --extract. + + commit 0b8a3358798b7028be872a923da2e275da67d592 + * tools/gpgtar.c (cmd_and_opt_values): New values. + (opts): New actions. + (parse_arguments): Handle new actions. + * tests/openpgp/gpgtar.scm: Test new interface. + + g10: Fix out-of-bounds read. + + commit a6b87981f7ddef42b25703723162c647e312b125 + * g10/armor.c (use_armor_filter): We need two bytes for 'is_armored'. + +2016-07-04 Werner Koch <wk@gnupg.org> + + wks: Add command --read to gpg-wks-client. + + commit 8c8ae043b8d65cb79e0e99c5bdbdcbf34714bd0c + * tools/gpg-wks-client.c (aRead): New. + (opts): Add command "--read". + (main): Implement that. + + tests: Add a gettime test for sizeof (time_t) > 4. + + commit 27d158ead4a2b9c52269ef28d050a49c786c7d13 + * common/t-gettime.c (test_isotime2epoch): Add 4 more tests. + +2016-07-03 Werner Koch <wk@gnupg.org> + + gpg: Avoid spurious failures on keyblocks with no or only deleted nodes. 
+ + commit 9177a897732b3cebf3f15c97c1f613f71b6318fe + * g10/import.c (write_keyblock_to_output): Clear ERR on success. + + wks: Let the client only export the requested UID. + + commit 1bfed0bbc5ec9d60d4fb3a0f5c865923ed3563e7 + * tools/gpg-wks-client.c (get_key): Export only the requested uid. + + tools: Call sendmail directly from the wks tools. + + commit 7705f310f1406fe49b45e16c371b09863313f24f + * tools/send-mail.c, tools/send-mail.h: New. + * tools/wks-util.c: New. + * tools/Makefile.am (gpg_wks_server_SOURCES): Add them. + (gpg_wks_client_SOURCES): Ditto. + * tools/gpg-wks.h (opt): Add fields use_sendmail and output. + * tools/gpg-wks-client.c: Add options --send and --output. Rename + command --send to --create. + (command_send, send_confirmation_response): Output via wks_send_mime. + * tools/gpg-wks-server.c: Add options --send and --output. + (send_confirmation_request): Output via wks_send_mime. + (check_and_publish): Add hack for name-value bug. + +2016-07-02 Werner Koch <wk@gnupg.org> + + tools: Add options to gpg-wks-server. + + commit c619035d9cd0c9cef62facf5365321289051f9a0 + * tools/gpg-wks.h (opt): Add 'default_from' and 'extra_headers'. + * tools/gpg-wks-server.c (oFrom, oHeader): New. + (parse_arguments): Set them and check args. + (get_submission_address): New. + (send_confirmation_request): Set correct From address. Add extra + headers. + (process_new_key): Return an error code. + + tools: Extend mime-maker.c:mime_maker_add_header. + + commit 0e36a1d1fb79c2b75c081616eed00075190b38aa + * tools/mime-maker.c (add_header): Check header name and allow + name-value syntax. + (mime_maker_add_header): Add mode for a syntax check. + + doc: Describe filter expressions. + + commit 442efa9b3ff211c692b6967a944b3d9371ad1bb7 + * doc/gpg.texi: Remove some superfluous .E. + (FILTER EXPRESSIONS): New. + + yat2m: Fix table formatting. + + commit aae3cdb61555db4efb26f522030c8303a731d4a9 + * doc/yat2m.c (proc_texi_cmd): Use .TQ for @itemx. 
Print a .P at the + end of a level 0 table. + +2016-07-01 Werner Koch <wk@gnupg.org> + + gpg: New option --export-filter. + + commit 7bfc86c938d11c14ea78b196c82ceba2a2f5317d + * g10/gpg.c (oExportFilter): New. + (opts): Add --export-filter. + (main): Handle option. + * g10/export.c: Include recsel.h, init.h, and mbox-util.h. + (export_keep_uid): New global var. + (cleanup_export_globals): New. + (parse_and_set_export_filter): New. + (filter_getval): New. + (apply_keep_uid_filter): New. + (do_export_stream): Apply filter if set. + + gpg: New option --import-filter. + + commit 5137bf73ccc98a72c2eeac148e4d4b5d58f0a854 + * g10/gpg.c (oImportFilter): New. + (opts): Add --import-filter. + (main): Handle option. + * g10/import.c: Include recsel.h, init.h, and mbox-util.h. + (import_keep_uid): New global var. + (cleanup_import_globals): New. + (parse_and_set_import_filter): New. + (filter_getval): New. + (apply_keep_uid_filter): New. + (import_one): Apply filter if set. + + gpg: Allow to cache the mbox in a user id struct. + + commit f015552374d69e28292a12f2b91ab34d65c9b457 + * g10/packet.h (PKT_user_id): Add field 'mbox'. + * g10/free-packet.c (free_user_id): Free that. + + gpg: Make sure a user ID packet has always a terminating Nul in memory. + + commit d8bce478be3ae9e401841a77d189ef3c81ccb757 + * g10/keygen.c (write_uid): Avoid overflow. + + common: Add function to select records etc. + + commit 681c6ef757a73fc1a63a552186e038db179494aa + * common/recsel.c, common/recsel.h: New. + * common/t-recsel.c: New. + + common: Smart up register_mem_cleanup_func. + + commit 6446a6b3dfd3b2e68b4285870f902ed1f86b0866 + * common/init.c (register_mem_cleanup_func): Avoid double registration. + +2016-07-01 Justus Winter <justus@g10code.com> + + common: Annotate semi-static allocation. + + commit 49fdd0887c84ed7f7b858b9e7ffa146fcb7f1e87 + * common/argparse.c (optfile_parse): Allow string arguments to leak. + + g10: Fix memory leak. 
+ + commit 78aeb236fe4ff3a6d51b3095148e7086f2a6e9a8 + * g10/keyserver.c (parse_keyserver_uri): Free URI. + + tools/gpgtar: Annotate semi-static allocation. + + commit cff63da930b6b3f0253668911e0931713b2b584a + * tools/gpgtar.c (shell_parse_argv): Annotate argument vector as + leaked. + + g10: Fix memory leak. + + commit c454922ffa71929c810c6ff048d902498575302f + * g10/import.c (transfer_secret_keys): Release curve from the previous + iteration. + + g10: Fix build with disabled kbnode cache. + + commit ff77b92aae9c8e20cbc7fa7c294adcc6a8c2f614 + * g10/kbnode.c (release_unused_nodes): Fix build with disabled kbnode + cache. + + g10: Fix memory leak. + + commit 44d4c695722d96b3bbef16f2843f62413b9670cd + * g10/trustdb.c (tdb_get_validity_core): Fix kbnode leak. + + g10: Fix memory leak. + + commit 5fafd18d474da7b763f5b82c73b6ca4288e136d7 + * g10/keygen.c (keygen_set_std_prefs): Fix memory leak. + + Fix trivial memory leaks in tests. + + commit 6bfbc368f90b274192d3751274816091675f5109 + * dirmngr/t-ldap-parse-uri.c (check_ldap_escape_filter): Free result. + * g10/t-stutter.c (main): Free file name. + +2016-06-30 Justus Winter <justus@g10code.com> + + tools: Fix trivial memory leak. + + commit 8f39185d7bfa0bc749f9ccf4a041d2da4eba24ff + * tools/gpg-connect-agent.c (main): Fix trivial memory leak. + + g10: Fix memory leak. + + commit 401db0eebbcd28dca8f4059706bfbd18d8cc7528 + * g10/export.c (do_export_stream): Free secret parameters. + + g10: Fix memory leak. + + commit eb4cdbefb05795b77a8a72189eff246b84442caf + * g10/keygen.c (read_parameter_file): Free 'line'. + + g10: Fix memory leak. + + commit 1de362af9094e0a1a0be60f77fbea7c5190a4dcc + * g10/sign.c (mk_notation_policy_etc): Free 'mbox'. + + common: Fix memory leak. + + commit 6b9a89e4c7d6f19de62e0a908a8d80c98bf99819 + * g10/textfilter.c (copy_clearsig_text): Free buffer. + + common: Fix memory leak. 
+ + commit d2d19063d3adf29340aeb39f14e1b1e9aacf41e7 + * common/iobuf.c (iobuf_set_partial_body_length_mode): Only create + context if necessary. + + common: Fix memory leak. + + commit 9037c23979866e6e085b3e32f973bcba590a2635 + * common/simple-pwquery.c (agent_open): Free socket path. + + g10: Fix keybox-related memory leaks. + + commit 29beea6462cca32d3278b0f7f9364ff4342327b8 + * g10/keydb.c (keydb_release): Clear keyblock cache. + (keydb_get_keyblock): Revert previous change. + * kbx/keybox-blob.c (create_blob_finish): Free previous buffer, free + fixups after applying them. + (_keybox_release_blob): Free buffer. Currently, the buffer has been + extracted before the keybox is released, but this is the right thing + to do here. + + g10: Fix memory leak. + + commit 5869f518cbd8b41b4c9880fc593216b9efeea430 + * g10/compress.c (release_context): Free buffers. + + g10: Fix memory leak. + + commit 84f262102be19334534cccc66ed7eceea2714527 + * g10/sign.c (write_plaintext_packet): Free packet. + + g10: Fix memory leak. + + commit abae8a9dc8a00cf46291ccb40644b3a7aa477307 + * g10/mainproc.c (release_list): Do not exit early if list is NULL, + there are other resources that must be released. + + gpgscm: Fix reallocating string ports. + + commit 5003caa8fdc80afd5748835c06621014f83e6ec4 + * tests/gpgscm/scheme.c (realloc_port_string): Use memcpy because + Scheme strings may contain 0s. + + gpgscm: Free memory backing string ports. + + commit 599ad21104e622acbd1230d90d6a23abf9145499 + * tests/gpgscm/scheme.c (finalize_cell): Free memory backing string + ports. + + gpgscm: Use the allocator from libgcrypt. + + commit d4ede89981c769b0626ab2b37615da1d12a3b078 + * tests/gpgscm/main.c (main): Use the allocator from libgcrypt. + + w32: Fix build. + + commit dbcb342eaf1738798a5378d9ecd83c7946140d54 + * g10/keyedit.c (keyedit_quick_revuid): Fix call to + 'check_trustdb_stale'. + +2016-06-30 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + g10: Implement gpg --quick-revuid. 
+ + commit 55d112eeb0743e90be46d15dbae67368ee7d4b50 + * g10/revoke.c (get_default_uid_revocation_reason): New. + * g10/keyedit.c (menu_revuid): Break out creation of uid revocation + into new function core_revuid. + * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and + uid, invokes core_revuid. + * g10/gpg.c (main): Handle --quick-revuid argument. + * doc/gpg.texi: Document --quick-revuid. + +2016-06-29 Werner Koch <wk@gnupg.org> + + tools: Add gpg-wks-client and gpg-wks-server. + + commit 5d6c83deaa11327366b0038928200b9f9f85b426 + * configure.ac: Add option --enable-wks-tools + * tools/gpg-wks-client.c: New. + * tools/gpg-wks-server.c: New. + * tools/gpg-wks.h: new. + * tools/wks-receive.c: New. + * tools/call-dirmngr.c, tools/call-dirmngr.h: New. + + build: Improve GNUPG_BUILD_PROGRAM macro. + + commit d8ee0d79a702c92a257884bab86183d32d16ff0e + * acinclude.m4 (GNUPG_BUILD_PROGRAM): Allow for dash in options. + + tools: Add modules for MIME parsing and creating. + + commit c334fa8df0e3901857e1a277d3277a873ae4af74 + * tools/mime-maker.c: New. + * tools/mime-maker.h: New. + * tools/mime-parser.c: New. + * tools/mime-parser.h: New. + +2016-06-28 Justus Winter <justus@g10code.com> + + gpgscm: Fix memory leaks. + + commit 9c67958c4737b34c60ef2076f57234eec155eb36 + * tests/gpgscm/ffi-private.h (ffi_schemify_name): Fix prototype. + (ffi_define_function_name): Free schemified name. + (ffi_define_function): Likewise. + (ffi_define_constant): Likewise. + (ffi_define_variable_pointer): Likewise. + * tests/gpgscm/ffi.c (do_wait_processes): Free arrays. + (ffi_schemify_name): Fix type. + * tests/gpgscm/main.c (main): Free 'sc'. + + gpgscm: Free file names. + + commit 6cb2be91a7cc8a9b8ec42f3956adbb19347318e3 + * tests/gpgscm/scheme.c (scheme_load_named_file): Free file name. + + gpgscm: Fix buffer overflow. + + commit 56cebdc30c10eaec179a6911e308074264d876ae + * tests/gpgscm/scheme.c (store_string): Avoid writing past allocated + buffer. + + g10: Fix memory leaks. 
+ + commit c57501cc5fa84dbaf560c0fc18853c9540e918af + * g10/keydb.c (keydb_get_keyblock): Free 'sigstatus' and 'iobuf'. + * g10/t-keydb-get-keyblock.c: Fix trivial memory leaks. + * g10/t-keydb.c: Likewise. + + common: Fix memory leaks. + + commit c14ef10fc347d966a1efcb5c2000cbf3aaafa905 + * common/ccparray.c (ccparray_put): Free old array. + * common/stringhelp.c (do_make_filename): Free 'home'. + * common/t-convert.c: Fix trivial memory leaks. + * common/t-iobuf.c: Likewise. + * common/t-mbox-util.c: Likewise. + * common/t-name-value.c: Likewise. + * common/t-stringhelp.c: Likewise. + * common/t-strlist.c: Likewise. + +2016-06-28 Werner Koch <wk@gnupg.org> + + dirmngr: add option to retrieve extra WKS info. + + commit b1e8e0d4b945e077966fb98175191aed056bd957 + * dirmngr/server.c (cmd_wkd_get): Add option --submission-address. + + gpg: Add hack to --quick-gen-key to create Curve25519 keys. + + commit 20ca075d9605e27e25a780bcc465c7371400ca61 + * g10/keygen.c (quick_generate_keypair): Add special algo string + "test-default". + + common: New function rfctimestamp. + + commit 1ddf5b846fc058171af5f2784dad866b73eb0205 + * common/gettime.c (rfctimestamp): New. + + common: Add missing header file for clarity. + + commit 781e614e3b4586da27e54caca39b6a7ed42fc7c7 + * common/zb32.c: Include zb32.h. + +2016-06-28 Justus Winter <justus@g10code.com> + + tools/gpgtar: Fix handling of '-'. + + commit 4819f687c48c7972c39ae29c7af1e891a4d57360 + * tools/gpgtar-extract.c (gpgtar_extract): Use stdin if file is '-'. + * tools/gpgtar-list.c (gpgtar_list): Likewise. + + common: Close input stream. + + commit d36f664bfdc39c05927cb6e14fe1b3ecb7b64bfa + * common/exechelp-posix.c (gnupg_spawn_process): Also close the input + stream in the child. + + common: Fix copying data from the spawned child. + + commit 8f79c31b4d465eeaf81c8046c35bb8c34512dd8d + Fixes intermittent gpgtar failures. + + * common/exectool.c (copy_buffer_do_copy): Initialize 'nwritten'. 
+ (gnupg_exec_tool_stream): Loop until all data is copied. + +2016-06-28 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix --list-packets. + + commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a + * g10/gpg.c (main): Call set_packet_list_mode after assignment of + opt.list_packets. + * g10/mainproc.c (do_proc_packets): Don't stop processing with + --list-packets as the comment says. + * g10/options.h (list_packets): Fix the comment. + * g10/parse-packet.c: Fix the condition for opt.list_packets. + +2016-06-25 Werner Koch <wk@gnupg.org> + + build: Add aclocal macro from pkg-config. + + commit b6872353bae778d11730f5d0afd2192750777647 + * m4/pkg.m4: New. + + yat2m: Silence lint warnings and fix a printf format bug. + + commit 22b9bea1c3d0e944aa539a87d79e47d92ca5309f + * doc/yat2m.c (ATTR_PRINTF, ATTR_NR_PRINTF, ATTR_MALLOC): New. + (die, err, inf, xmalloc, xcalloc): New prototypes with attributes. + (get_section_buffer): Take care of !N_SECTIONS. + (proc_texi_cmd): Cast precision format arg. + (proc_texi_buffer): Do not set IN_CMD when not used afterwards. + +2016-06-24 Werner Koch <wk@gnupg.org> + + gpg: New import option "import-export". + + commit 7bca3be65e510eda40572327b87922834ebe07eb + * g10/import.c (parse_import_options): Add option "import-export". + (write_keyblock_to_output): New. + (import_one): Implement option. + +2016-06-23 Werner Koch <wk@gnupg.org> + + gpg: New import option "import-show". + + commit 1e5959ec059ba41f4de1e2f953300bc040efc16f + * g10/options.h (IMPORT_SHOW): New. + * g10/import.c (parse_import_options): Add "import-show". + (import_one): Implement that. + + gpg: Do not print the validity after key generation. + + commit 09c6f7135150efbbeb459d4ae0189a81e9d180f8 + * g10/keylist.c (struct keylist_context): Add field NO_VALIDITY. + (list_keyblock_print): Take care of it. + (list_keyblock_direct): Add arg NO_VALIDITY. + * g10/keygen.c (do_generate_keypair): Merge keyblock and print w/o + validity. 
+ + common: Fix possible small memory leak in b64dec.c. + + commit c229ba4d8b9b16052ee0b9573bed7905be602cdf + * common/b64dec.c (b64dec_finish): Always release TITLE. + +2016-06-23 Justus Winter <justus@g10code.com> + + tests/openpgp: Fake the system time for the tofu test. + + commit e584d6468a2e72cd01e55f46104f9f96b56c0b66 + The keys in the tofu test are set to expire on 2016-09-17. Fake the + system time for this test. + + This commit includes changes to the old test as well, for those who + need to backport it. + + * tests/openpgp/gpg-agent.conf.tmpl: Drop trailing newlines. + * tests/openpgp/tofu.scm: Fake system time. + * tests/openpgp/tofu.test: Likewise. + + gpgscm: Handle exceptions in the transformation monad. + + commit 145910afc077e7a5df6cc8b10e180dfa6ce38cc3 + * tests/gpgscm/tests.scm (pipe:do): Raise errors. + (tr:spawn): Catch and return errors. + (tr:call-with-content): Likewise. + (tr:{open,write-to,pipe-do,assert-identity,assert-weak-identity}): + Adapt. + + tests/openpgp: Improve tests. + + commit 1e822654c1dcfc23a9ef689f4e18c0ebba18baca + * tests/openpgp/multisig.scm: Simplify test. + * tests/openpgp/setup.scm (dearmor): Use pipe. + + gpgscm: Add types for special objects. + + commit 332fa86982dc811640ac8643332d8375816e5b81 + * tests/gpgscm/scheme.c (enum scheme_types): Add types for boolean, + nil, eof, and the sink object. + (type_to_string): Handle new types. + (scheme_init_custom_alloc): Give special objects a type. + + gpgscm: Fix Scheme initialization. + + commit e6e56adf208f194ecafda29bb1c1c06655348432 + This potentially causes a crash if the garbage collector marks an eof + object. + + * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize + 'EOF_OBJ'. + +2016-06-23 Werner Koch <wk@gnupg.org> + + common: Add dedicated private key functions to name-value.c. + + commit 3ead21da80da4570e77036cc05303914c9b1f364 + * common/name-value.c (struct name_value_container): Add field + 'private_key_mode'. + (my_error): New. 
Use instead of gpg_error. + (nvc_new_private_key): New. + (nve_release): Add arg 'private_key_mode'. + (nvc_release): Call nve_release with private_key_mode flag. + (nvc_delete): Ditto. + (_nvc_add): Do no special case "Key:" in non-private_key_mode. + (nvc_get_private_key): Return error in non-private_key_mode. + (nvc_set_private_key): Ditto. + (nvc_parse): Factor all code out to ... + (do_nvc_parse): new. Add arg 'for_private_key'. + (nvc_parse_private_key): New. + * agent/findkey.c (write_extended_private_key): Replace nvc_parse by + nvc_parse_private_key. + (read_key_file): Ditto. + + * common/t-name-value.c (private_key_mode): New variable. + (my_nvc_new): New. Replace all callers. + (test_key_extraction): Take mode in account. + (run_tests): Ditto. + (run_modification_tests): Ditto. + (parse): Ditto. + (main): Add option --parse and rename --parse to --parse-key. + + common: Rename external symbols in name-value.c. + + commit d74d23d860c1e5039bd595c31c846782c5cb8025 + * common/name-value.c, common/name-value.h: Rename symbol prefixes + from "pkc_" to "nvc_" and from "pke_" to "nve_". Change all callers. + + common: Rename private-keys.c to name-value.c. + + commit b841a883a2a66807aa427e65d49067584bedfbe2 + * common/private-keys.c: Rename to name-value.c. + * common/private-keys.h: Rename to name-value.h. Chage all users. + * common/t-private-keys.c: Rename to t-name-value.c. + * common/Makefile.am: Adjust accordingly. + + common: Add PGP armor decoding to b64dec. + + commit 3694579bc4eef27ed53e1845bf03be38c299ce76 + * common/b64dec.c (decoder_states): Add new states. + (b64dec_proc): Handle PGP armored format. + +2016-06-23 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix regression of card-edit/fetch. + + commit 6f5ff1cfe449cf1f4cb7287bc57570eb794216b2 + * g10/card-util.c (fetch_url): Call keyserver_fetch instead of + keyserver_import_fprint. + +2016-06-21 Justus Winter <justus@g10code.com> + + tests/migrations: Convert to Scheme and re-enable. 
+ + commit f548383d9af912bf93217068cc8aa99a9a6eda93 + * configure.ac: Re-enable. + * tests/Makefile.am: Likewise. + * tests/migrations/Makefile.am (TESTS): Use Scheme tests. + * tests/migrations/common.scm: New file. + * tests/migrations/extended-private-key-format.scm: Likewise. + * tests/migrations/from-classic.scm: Likewise. + * tests/migrations/extended-private-key-format.test: Drop file. + * tests/migrations/from-classic.test: Drop file. + + gpgscm: Add more file handling functions. + + commit c5e0ca5a59ebd91b67944ca125cc8cd73a9d243e + * tests/gpgscm/ffi.c (do_glob): New function. + (ffi_init): Define new function. + * tests/gpgscm/tests.scm (basename-suffix): New function.x + + tests/openpgp: Port the remaining tests to Scheme. + + commit 0340fcdac864109e3dd6edee759efc96e4d3f84e + * tests/openpgp/Makefile.am (TESTS): Add new tests. + * tests/openpgp/defs.scm (gpg-with-colons): New function. + (get-config): Use new function. + * tests/openpgp/export.scm: New file. + * tests/openpgp/tofu.scm: Likewise. + + gpgscm: Improve test framework. + + commit 65081c31e7536d8fb5effcc2c9aeeffc120c9a69 + * tests/gpgscm/lib.scm (echo): Move... + * tests/gpgscm/tests.scm (echo): ... here. + (info, error, skip): And use echo here. + (file-exists?): New function. + (tr:spawn): Check that source exists and if the sink has been created. + (tr:call-with-content): Hand in optional arguments. + + gpgscm: Use native string searching functions. + + commit 5fbbc4b334a73150e709a4802cac99abd8ada61d + * tests/gpgscm/ffi-private.h: Handle character arguments. + * tests/gpgscm/ffi.c (do_string_index): New function. + (do_string_rindex): Likewise. + (do_string_contains): Likewise. + (ffi_init): Define new functions. + * tests/gpgscm/ffi.scm (ffi-define): New macro. + * tests/gpgscm/lib.scm (string-index): Use native function, + demonstrate behavior. + (string-rindex): Likewise. + (string-contains?): Likewise. + Demonstrate behavior of various other functions. 
+ (read-all): Rework so that it can handle large files. + + gpgscm: Improve error reporting. + + commit d99949fc8cf541018267964629992d55c97ca9ab + * tests/gpgscm/scheme.c (type_to_string): New function. + (Eval_Cycle): Include actual type in error message. + + gpgscm: Make memory allocation failures fatal. + + commit 616582071a2c76c4fb529d4da549aa95ee5d78d6 + * tests/gpgscm/scheme.c (Eval_Cycle): Exit if we run out of memory. + +2016-06-21 Werner Koch <wk@gnupg.org> + + sm: Do not install cacert and other root certificates. + + commit c19b2061274cd50838e62a2acbdc7e7d24888e7e + * doc/Makefile.am (dist_pkgdata_DATA): Move qualified.txt and + com-certs.pem to ... + (EXTRA_DIST): here. + +2016-06-20 Werner Koch <wk@gnupg.org> + + gpg: Add experimental support for an issuer fpr. + + commit 955baf04364721457cd99aad21942523cd50498c + * common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New. + * g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and + insert the issuer fpr if needed. + * g10/sign.c (write_signature_packets): Pass signing key. + (make_keysig_packet): Ditto. + (update_keysig_packet): Ditto. + * g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr. + (parse_one_sig_subpkt): Detect issuer fpr. + (can_handle_critical): Add issuer fpr. + * g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint. + * g10/gpgv.c (keyserver_import_fprint): New stub. + * g10/test-stubs.c (keyserver_import_fprint): New stub. + + gpg: New option --rfc4880bis. + + commit ee2d9061d7abc36b857165a8395203a97380baa2 + * g10/options.h (struct opt): Add field flags.rfc4880bis. + * g10/gpg.c (oRFC4880bis): new. + (opts): add --rfc4880bis. + (main): Implement that and print a warning. + +2016-06-19 Niibe Yutaka <gniibe@fsij.org> + + scd: Reset nonnull_nad to zero for VENDOR_GEMPC. + + commit 971064f8b7ad676326b2a468f688037a303717df + * (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device. 
+ +2016-06-17 Werner Koch <wk@gnupg.org> + + tests: Make make distcheck work again. + + commit ce1689ea0720552ac900d7b2c4139caf24452018 + * Makefile.am (tests): Remove test code which would led to doubling + calls to for e.g. "make distclean". + * tests/Makefile.am: Typo fixes. + * tests/gpgscm/Makefile.am (EXTRA_DIST): Fix name of License file. + Add repl.scm. + (check): Replace by check-local because check is a standard automake + target. + * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Replace gmake0sim by + automake generated macro. + (EXTRA_DIST): Add defs.scm + + gpgscm: Silence compiler warnings. + + commit dfe5282e5859409849a17d68b2b3a046370f65bd + * tests/gpgscm/scheme.c (mk_integer): Rename arg NUM to N. + (fill_vector): Ditto. + (mark): Rename var NUM to N. + (set_slot_in_env): Mark SC as unused. + (is_any): Mark P as unused. + + Add license notices for TinySCHEME. + + commit dc1db12d2c4f9f12bc3f7de37f76293b316c3f35 + * tests/gpgscm/COPYING: Rename to ... + * tests/gpgscm/LICENSE.TinySCHEME: this. + * AUTHORS: Add a note about TinySCHEME. + * build-aux/speedo/w32/pkg-copyright.txt: Add TinySCHEME notice. + +2016-06-17 Justus Winter <justus@g10code.com> + + tests/openpgp: Reimplement tests in Scheme. + + commit 9609cb20e4caee739b9fc4fd36797029d2970041 + * Makefile.am: Build the test infrastructure on Windows. + * tests/openpgp/Makefile.am (required_pgms): Add gpgscm. + (TESTS_ENVIRONMENT): Make sure gpgscm and the libraries are found. + (TESTS): Replace tests with the new Scheme implementations. + * tests/openpgp/4gb-packet.scm: New file. + * tests/openpgp/README: Likewise. + * tests/openpgp/armdetach.scm: Likewise. + * tests/openpgp/armdetachm.scm: Likewise. + * tests/openpgp/armencrypt.scm: Likewise. + * tests/openpgp/armencryptp.scm: Likewise. + * tests/openpgp/armor.scm: Likewise. + * tests/openpgp/armsignencrypt.scm: Likewise. + * tests/openpgp/armsigs.scm: Likewise. + * tests/openpgp/clearsig.scm: Likewise. 
+ * tests/openpgp/conventional-mdc.scm: Likewise. + * tests/openpgp/conventional.scm: Likewise. + * tests/openpgp/decrypt-dsa.scm: Likewise. + * tests/openpgp/decrypt.scm: Likewise. + * tests/openpgp/default-key.scm: Likewise. + * tests/openpgp/defs.scm: Likewise. + * tests/openpgp/detach.scm: Likewise. + * tests/openpgp/detachm.scm: Likewise. + * tests/openpgp/ecc.scm: Likewise. + * tests/openpgp/encrypt-dsa.scm: Likewise. + * tests/openpgp/encrypt.scm: Likewise. + * tests/openpgp/encryptp.scm: Likewise. + * tests/openpgp/finish.scm: Likewise. + * tests/openpgp/genkey1024.scm: Likewise. + * tests/openpgp/gpgtar.scm: Likewise. + * tests/openpgp/import.scm: Likewise. + * tests/openpgp/mds.scm: Likewise. + * tests/openpgp/multisig.scm: Likewise. + * tests/openpgp/run-tests.scm: Likewise. + * tests/openpgp/seat.scm: Likewise. + * tests/openpgp/setup.scm: Likewise. + * tests/openpgp/signencrypt-dsa.scm: Likewise. + * tests/openpgp/signencrypt.scm: Likewise. + * tests/openpgp/sigs-dsa.scm: Likewise. + * tests/openpgp/sigs.scm: Likewise. + * tests/openpgp/use-exact-key.scm: Likewise. + * tests/openpgp/verify.scm: Likewise. + * tests/openpgp/version.scm: Likewise. + + tests/gpgscm: Add a TinySCHEME-based test driver. + + commit d2ce3f9eee34e380536049c0c9d26ed66273f094 + * configure.ac: Add new component. + * tests/Makefile.am: Likewise. + * tests/gpgscm/Makefile.am: New file. + * tests/gpgscm/ffi-private.h: Likewise. + * tests/gpgscm/ffi.c: Likewise. + * tests/gpgscm/ffi.h: Likewise. + * tests/gpgscm/ffi.scm: Likewise. + * tests/gpgscm/lib.scm: Likewise. + * tests/gpgscm/main.c: Likewise. + * tests/gpgscm/private.h: Likewise. + * tests/gpgscm/repl.scm: Likewise. + * tests/gpgscm/scheme-config.h: Likewise. + * tests/gpgscm/t-child.c: Likewise. + * tests/gpgscm/t-child.scm: Likewise. + * tests/gpgscm/tests.scm: Likewise. + + tests/gpgscm: Foreign objects support for TinySCHEME. 
+ + commit 56c36f2932fe2baf8e46efdea4315cf33f3c0338 + * tests/gpgscm/scheme-private.h (struct cell): Add 'foreign_object'. + (is_foreign_object): New prototype. + (get_foreign_object_{vtable,data}): Likewise. + * tests/gpgscm/scheme.c (enum scheme_types): New type. + (is_foreign_object): New function. + (get_foreign_object_{vtable,data}): Likewise. + (mk_foreign_object): Likewise. + (finalize_cell): Free foreign objects. + (atom2str): Pretty-print foreign objects. + (vtbl): Add new functions. + * tests/gpgscm/scheme.h (struct foreign_object_vtable): New type. + (mk_foreign_object): New prototype. + (struct scheme_interface): Add new functions. + + Patch from Thomas Munro, + https://sourceforge.net/p/tinyscheme/patches/13/ + + tests/gpgscm: Dynamically allocate string buffer. + + commit 8e5ad9aabdd57457f76078924d33acb94b75a877 + * tests/gpgscm/scheme-config.h (strbuff{,_size}): Make buffer dynamic. + * tests/gpgscm/scheme.c (expand_strbuff): New function. + (putcharacter): Adapt length test. + (readstrexp): Expand buffer if necessary. + (scheme_init_custom_alloc): Initialize buffer. + (scheme_deinit): Free buffer. + + Patch from Thomas Munro, + https://sourceforge.net/p/tinyscheme/patches/11/ + + tests/gpgscm: Make exception value available. + + commit 3b100da9ada9171d873a796eaf3351d4fceed394 + * tests/gpgscm/init.scm (throw): Hand exception value to the handler. + (catch): And bind it to *error*. + + tests/gpgscm: Add package macro. + + commit 2907381f4a7b422823b2304ebe550acbb2f66480 + * tests/gpgscm/init.scm: Add package macro from manual. + + tests/gpgscm: Expose function to open streams as Scheme ports. + + commit 55275b8e2b43a3420d85a1a931e02febaa1113e7 + * tests/gpgscm/scheme.c (vtbl): Add 'port_from_file' to the vtable. + * tests/gpgscm/scheme.h (struct scheme_interface): New field + 'mk_port_from_file'. + + tests/gpgscm: Nicer error message. 
+ + commit 13bba1357478815a85f5c0db3607ebb6cd574f56 + * tests/gpgscm/scheme.c (opexe_0): Include the value that we tried to + evaluate as function-like in the error message. + + tests/gpgscm: Fix error hook. + + commit e02c1ccae13e4eb55afef8de4f29022c709404eb + * tests/gpgscm/init.scm (*error-hook*): Fix error hook so that the + whole error message is displayed. + + tests/gpgscm: Handle unhandled enumeration values. + + commit 133f25703a47e9bbc28c4532934f405ecdeb2de0 + * tests/gpgscm/scheme.c (opexe_{3,4}): Handle unhandled enumeration + values in the opcode dispatching code. + + tests/gpgscm: Verbatim import of latest TinySCHEME. + + commit cb989504cdd4f0ff902d31af871dc3ee0d9419ac + Revision 110 from svn://svn.code.sf.net/p/tinyscheme/code/trunk + + * tests/gpgscm/COPYING: New file. + * tests/gpgscm/Manual.txt: Likewise. + * tests/gpgscm/init.scm: Likewise. + * tests/gpgscm/opdefines.h: Likewise. + * tests/gpgscm/scheme-private.h: Likewise. + * tests/gpgscm/scheme.c: Likewise. + * tests/gpgscm/scheme.h: Likewise. + +2016-06-17 Werner Koch <wk@gnupg.org> + + scd: Make option --homedir work. + + commit 4e41745b3ea3bb8ffc50af6bafeb1de9c928812f + * scd/scdaemon.c (opts): Add --homedir. + +2016-06-16 Werner Koch <wk@gnupg.org> + + Release 2.1.13. + + commit b3df4e2ac6aa9b4154e923f71b4221533043e5ac + + +2016-06-16 Yuri Chornoivan <yurchor@ukr.net> + + po: Update Ukrainian translation. + + commit d4ce1b04431cf02ebc1bdc7150ad587d599f2a95 + + +2016-06-16 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 2273e4f999325cdc9d275507cd07c7e95d62a377 + + +2016-06-16 Werner Koch <wk@gnupg.org> + + po: Update German translation. + + commit 69f1b0b041c251abb66f000db173a602693bb18f + + + Add missing files so that make distcheck works again, + + commit 4d7d292cd5b616b209dfd4302a1deffe11b7be0e + * tests/openpgp/Makefile.am (CLEANFILES): Add created file + "passphrases". + * tools/Makefile.am (EXTRA_DIST): Add no-libgcrypt.c. 
+ + tools: Fix typo in function name of symcryptrun. + + commit e44dd878df58dab27c9cd411d80c4c81501e649a + * tools/symcryptrun.c (main): Fix typo. + +2016-06-15 Niibe Yutaka <gniibe@fsij.org> + + g10: Fix another race condition for trustdb access. + + commit 35a3ce2acf78a95fecbccfd8db0560cca24232df + * g10/tdbio.c (create_version_record): Call create_hashtable to always + make hashtable, together with the version record. + (get_trusthashrec): Remove call to create_hashtable. + +2016-06-14 Werner Koch <wk@gnupg.org> + + gpg: Print the subkey's curve and not the primary key curve. + + commit b56aebe76657ce6efa9c6819d5a8c2a31c2bbbba + * g10/keylist.c (list_keyblock_colon): Use PK2 for the subkey's curve. + + ldap: Improve info output for v3 fallback. + + commit b7e3dfcf139284d30921cf44e7bab43d4244cc37 + * dirmngr/dirmngr_ldap.c (fetch_ldap): Do not use log_debug in an + unprotected section. Replace log_debug by log_info in verbose mode. + +2016-06-14 Andre Heinecke <aheinecke@intevation.de> + + dirmngr: Try ldap protocol V3 as fallback. + + commit f989b6ee0db96c36f13f093cbbcfd1d5b472d03c + * dirmngr/dirmngr_ldap.c (fetch_ldap): Try V3 Protocol in case + default Protocol gives error. + + dirmngr: Print ldap error if bind fails. + + commit 5faddcb2927a997e05fb34eb270982096d1fe3a4 + * dirmngr/dirmngr_ldap.c (fetch_ldap): Use ldap_err2string on bind + return. + +2016-06-14 Werner Koch <wk@gnupg.org> + + gpgsm: Allow ciphers AES192 and SERPENT256. + + commit 5f9bd7a9e1ed4edcbb6c4e908d4bea5cd7dc9e68 + * sm/gpgsm.c (main): Add AES192 cipher. Allow SERPENT256. + + doc: Add files and envvars to a new index. + + commit 2423238ee4c8a8c531dfe9e45c95f2760b638faa + * doc/gnupg.texi: Define new index "ef". + (Environment Index): New. + + gpg: Avoid endless loop in a tofu error case. + + commit f980cd2e0e4694a38038f518f290017087d4ce33 + * g10/tofu.c (get_trust): Do not jump to out. + + gpg: Split tofu's get_trust function into several smaller ones. 
+ + commit 1affdf1efc42ed22dc023c92ca5134d5bcbf2686 + * g10/tofu.c (get_trust): Factor code out to ... + (format_conflict_msg_part1): new and to ... + (ask_about_binding): new. + +2016-06-13 Werner Koch <wk@gnupg.org> + + gpg: Un-deprecate option --auto-key-retrieve. + + commit 9e126af215143fddbdc3949681abb9ffdb9153bb + * g10/gpg.c (main): Remove deprecation warning. + + gpg: New option --disable-signer-uid, create Signer's UID sub-packet. + + commit 61e7fd68c05ed185728e9da45f7a44a2323065ad + * g10/gpg.c (oDisableSignerUID): New. + (opts): New option '--disable-signer-uid'. + (main): Set option. + * g10/options.h (opt): Add field flags.disable_signer_uid. + * g10/sign.c: Include mbox-util.h. + (mk_notation_policy_etc): Embed the signer's uid. + * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key + retrieval if --disable-signer-uid is used. + + gpg: Try Signer's User ID sub-packet with --auto-key-retrieve. + + commit 08c82b1b55d28ffd09b859205b7686bcefae5011 + * g10/packet.h (PKT_signature): Add field 'signers_uid'. + * g10/parse-packet.c (parse_signature): Set this field. + * g10/free-packet.c (free_seckey_enc): Free field. + (copy_signature): Copy field. + * g10/mainproc.c (akl_has_wkd_method): New. + (check_sig_and_print): Extend NEWSIG status. If WKD is enabled try to + locate a missing key via the signature's Signer's User ID sub-packet. + Do this right before trying a keyserver lookup. + +2016-06-11 Werner Koch <wk@gnupg.org> + + gpg: Remove C-99ism, re-indent, and simplify one function. + + commit 334e993a71d3abb7d30cb5ee05d578cecf0c3f67 + * g10/call-agent.c (struct keyinfo_data): Rename to + keyinfo_data_parm_s. + (agent_get_keyinfo): Replace C-99 style init. + (keyinfo_status_cb): Use new fucntion split_fields. + * g10/export.c (match_curve_skey_pk): Add missings returns error + cases. + (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first. + + common: New function split_fields. 
+ + commit 5ba99d9302cd86aee99958b71075d5288bb430aa + * common/stringhelp.c (split_fields): New. + * common/t-stringhelp.c: Include assert.h. + (test_split_fields): New. + (main): Call test. + +2016-06-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + g10: Export cleartext keys as cleartext. + + commit c41c46fa84cabbed74a13ded51fc3a817a919367 + * g10/export.c (do_export_stream): If a key is stored by the agent in + cleartext, then try to export it as cleartext. + * tests/openpgp/export.test: For secret keys that are stored in + cleartext, test should try to export without pinentry interaction. + + g10: Allow receiving cleartext secret keys from agent. + + commit a3cb72af79ee645eda212f31ab0b266f2c3d9f29 + * g10/export.c (match_curve_skey_pk): New function, testing whether an + OpenPGP public key and an S-expression use the same curve. + * g10/export.c (cleartext_secret_key_to_openpgp): New function, + filling in the secret key parameters of a PKT_public_key object from + a corresponding cleartext S-expression. + * g10/export.c, g10/main.h (receive_seckey_from_agent): Add cleartext + parameter, enabling retrieval of the secret key, unlocked. + * g10/export.c (do_export_stream): Send cleartext as 0, keeping current + behavior. + * g10/keygen.c (card_store_key_with_backup): Use cleartext=0 to ensure + that smartcard backups are all passphrase-locked. + + g10: Add openpgp_protected flag to agent secret key export functions. + + commit 7de74320767d15d915942a98ff47c00175a078ed + * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add + openpgp_protected flag. + * g10/export.c (receive_seckey_from_agent): Request openpgp_protected + secret keys from agent. + * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a + brief description of the effect of --openpgp. + + g10: report whether key in agent is passphrase-protected or not. 
+ + commit 00f30cc01c79bbdff5cdc3be795f009f15d3845e + * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add + r_cleartext parameter to report whether a key is stored without + passphrase protection. + * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to + match new API. + * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, + g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet + need to know whether agent is passphrase-protected. + +2016-06-08 Werner Koch <wk@gnupg.org> + + Explicitly restrict socket permissions. + + commit 8127043d549a5843ea1ba2dc6da4906fc2258d53 + * agent/gpg-agent.c (create_server_socket): Call chmod before listen. + * scd/scdaemon.c (create_server_socket): Ditto. + * dirmngr/dirmngr.c (main): Ditto. + + w32: Fix recent build regression. + + commit 6790115fd9059e066b4e6feb6b1e3876a1c1d522 + * common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition + for NAME. + * g10/gpg.c (main) [W32]: Fix use og gnupg_homedir. + + * agent/gpg-agent.c (remove_socket): Remove unused var P. + * scd/scdaemon.c (cleanup): Ditto. + + gpgconf: New commands --create-socketdir and --remove-socketdir. + + commit cf4910419e09daf414f76ca2c8ab685c3d488ec1 + * tools/gpgconf.c: Include unistd.h. + (aCreateSocketDir, aRemoveSocketDir): New. + (opts): Add --create-socketdir and --remove-socketdir. + (main): Implement them. + + Implement /run/user/UID/gnupg based sockets. + + commit aab8a0b05292b0d06e3001a0b289224cb7156dbd + * common/homedir.c: Include sys/stat.h and zb32.h. + (w32_portable_app, w32_bin_is_bin): Change type from int to byte. + (non_default_homedir): New. + (is_gnupg_default_homedir): New. + (default_homedir): Set non_default_homedir. + (gnupg_set_homedir): Set non_default_homedir and make + the_gnupg_homedir and absolute directory name. + (gnupg_homedir): Return an absolute directory name. + (_gnupg_socketdir_internal): New. + (gnupg_socketdir): Implement /run/user/ based sockets. 
+ * tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete + make_filename by xstrdup. + * tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output. + + gpgconf: Add option --homedir. + + commit def512eb67c8a380f3b873cee0f156deef0b6dda + * tools/gpgconf.c (opts): Add --homedir. + (main): Set homedir. + + Do not use no-libgcrypt dummy for tools. + + commit 173fa97102fec68670a46ae1b460231e2a183c81 + * tools/Makefile.am (gpgconf_SOURCES): Remove no-libgcrypt.c. + (gpgconf_LDADD): Add LIBGCRYPT_LIBS. + (gpg_connect_agent_LDADD): Ditto. + (gpgtar_LDADD): Ditto. + * dirmngr/Makefile.am (dirmngr_client_LDADD): Ditto. + (t_common_ldadd): Ditto. Remove no-libgcrypt.o. + + Do not try to remove the enclosing directory of sockets. + + commit 0faf8951544f43790c412777a926c969540174bd + * agent/gpg-agent.c (remove_socket): Do not remove the enclosing + directory. + * scd/scdaemon.c (cleanup): Ditto. + +2016-06-07 Werner Koch <wk@gnupg.org> + + common: New function gnupg_socketdir. + + commit 36550dde998fa1d497098050ca2d4e1a952ed6b6 + * common/homedir.c (gnupg_socketdir): New. + * agent/gpg-agent.c (create_socket_name): Use new function instead of + gnupg_homedir. + (check_own_socket): Ditto. + (check_for_running_agent): Ditto. + * agent/preset-passphrase.c (main): Ditto. + * common/asshelp.c (start_new_gpg_agent): Ditto. + * scd/scdaemon.c (create_socket_name): Ditto. + * tools/gpgconf.c (main): Ditto. + * tools/symcryptrun.c (main): Ditto. + + common: Remove homedir arg from start_new_{dirmngr,gpg_agent}. + + commit fb88f37c40dc156fa0b5bfba4ac85f1e553fd7e9 + * common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in + favor of gnupg_homedir (). Change all callers. + (start_new_dirmngr): Ditto. + * common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg + 'homedir'. + + Replace use of opt.homedir by accessor functions. + + commit 22a7ef01aa2c0eb77bcc40174d09104acc35cab1 + * common/homedir.c (the_gnupg_homedir): New var. 
+ (gnupg_set_homedir): New. + (gnupg_homedir): New. + * g10/options.h (struct opt): Remove 'homedir' and replace all users + by the new accessor functions. + * g13/g13-common.h (struct opt): Ditto. + * scd/scdaemon.h (struct opt): Ditto. + * sm/gpgsm.h (struct opt): Ditto. + * dirmngr/dirmngr.h (struct opt): Ditto. + * agent/preset-passphrase.c (opt_homedir): Ditto. + * agent/protect-tool.c (opt_homedir): Ditto. + +2016-06-07 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit 650abbab716750d6087a457a25fa2efaaa3567cd + + + gpg: Fix command line parsing of --quick-addkey and --quick-gen-key. + + commit abeeb84a94be815a16e678b319cb5c8bffde2811 + * g10/gpg.c (main): Compose a block by curly braces. + +2016-06-06 Werner Koch <wk@gnupg.org> + + gpg: Use --keyid-format=none by default. + + commit 7257ea2d450238afa4d162fab8001f74782fe43f + * g10/gpg.c (main): Init keyid_format to KF_NONE. + * g10/keyid.c (format_keyid): Ditto. + (keystrlen): Ditto. + + gpg: Add option --with-subkey-fingerprint. + + commit 1d1cb86694fb2223de1da0b3bfffb5c62f505847 + * g10/gpg.c (oWithSubkeyFingerprint): New. + (opts): Add --with-subkey-fingerprint[s]. + (main): Set that option. + * g10/options.h (struct opt): Add 'with_subkey_fingerprint'. + * g10/keylist.c (list_keyblock_print): Print subkey fingerprint. + (print_fingerprint): Tweak printing to use compact format if + desirable. + + gpg: Implement --keyid-format=none. + + commit b047388d57443f584f1c1d6333aac5218b685042 + * g10/gpg.c (main): Add option "none" to --keyid-format. + * g10/options.h (KF_NONE): New. + * g10/keyid.c (format_keyid): Implement that. + (keystr): Use format "long" is KF_NONE is in use. + (keystr_with_sub): Ditto. + * g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE. + Factor some code out to ... + (print_key_line): new. + (print_fingerprint): Add mode 20. + * g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by + flags.primary in the PK. 
Fix putting a " revoked..." string into the + colons format. + * g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This + slightly changes the putput format. + * g10/revoke.c (gen_standard_revoke): Use print_key_line. This may + also put "expires: " into the output. + +2016-06-04 Werner Koch <wk@gnupg.org> + + w32: Require --enable-build-timestamp for the BUILD_HOSTNAME. + + commit 79b7a8a9e0d41b743ceaee20dc47294359fe0d44 + * configure.ac (BUILD_HOSTNAME): Set to "<anon>" bey default. + * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Add + --enable-build-timestamp. + +2016-06-02 Werner Koch <wk@gnupg.org> + + gpg: Add the fingerprint to KEY_CREATED for subkeys. + + commit 8d976a6b07c5a356631791b46b590328c1451f31 + * g10/keygen.c (print_status_key_created): Make more robust by + allowing a NULL for PK. + (generate_subkeypair): Use print_status_key_created. + (generate_card_subkeypair): Ditto. + + gpg: Try to use the passphrase from the primary for --quick-addkey. + + commit 1b460f049e5c1c102d8b55ad28781688252c5a6b + * agent/command.c (cmd_genkey): Add option --passwd-nonce. + (cmd_passwd): Return a PASSWD_NONCE in verify mode. + * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do + not send a RESET if given. + (agent_passwd): Add arg 'verify'. + * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. + (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. + (generate_subkeypair): Use sepeare hexgrip var for the to be created + for hexgrip feature. Verify primary key first. Make use of the + passwd nonce. Allow for a static passphrase. + + gpg: Extend the --quick-gen-key command. + + commit 01285f909e43e8d6a48fbcc77bb5af53d567d8a2 + * g10/keygen.c (quickgen_set_para): Add arg 'use'. + (quick_generate_keypair): Add args 'algostr', 'usagestr', and + 'expirestr'. Implement primary only key mode. + (parse_algo_usage_expire): Set NBITS for the default algo. + * g10/gpg.c (main): Extend --quick-gen-key command. 
+ + gpg: Improve the new parse_subkey_algostr_usagestr fucntion. + + commit dcc4cd83821667be22e502af86139bb4bd41bdf7 + * g10/keygen.c (parse_usagestr): Allow "cert". + (generate_subkeypair): Factor expire parsing out to ... + (parse_subkey_algostr_usagestr): here. Rename to ... + (parse_algo_usage_expire): this. Add arg 'for_subkey'. Set CERT for + primary key and check that it is not set for subkeys. + + gpg: New command --quick-addkey. + + commit 8f2a053a0ffa0430d01a53b4d491a3f0fff683eb + * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New. + (ask_keysize): Factor code out to ... + (get_keysize_range, fixup_keysize): new. + (parse_parameter_usage): Factor parsing out to ... + (parse_usagestr): new. Allow use of "encr" as alias for "encrypt". + (parse_subkey_algostr_usagestr): New. + (generate_subkeypair): Add new args. Implement unattended mode. + + * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ... + (find_by_primary_fpr): new. + (keyedit_quick_addkey): New. + * g10/gpg.c (aQuickAddKey): New. + (opts): Add --quick-addkey. + (main): Implement. + + gpg: Do not abort on certain invalid packets. + + commit d837f6b0eadb14ea08c1c6030b4d6adaaee8778e + * g10/build-packet.c (write_fake_data): Check for non-opaque data. + * g10/seskey.c (do_encode_md): Return NULL instead of abort. + + common: New function openpgp_is_curve_supported. + + commit 072acb69be55e366e2da921e3953404765fa3928 + * common/openpgp-oid.c: Include openpgpdefs.h. + (oidtable): Add field pubkey_algo. + (openpgp_is_curve_supported): New. + +2016-06-01 NIIBE Yutaka <gniibe@fsij.org> + + g10: Allow User ID length >= 256. + + commit db1ecc8212defdd183abbb6b1407fcc8d2dc9552 + * build-packet.c (do_user_id): Call write_header2 with HDRLEN not set. + +2016-05-31 Werner Koch <wk@gnupg.org> + + gpg: New status code NOTATION_FLAGS. + + commit 67a4bc8d536f6997f14daff4c039abd48a172100 + * common/status.h (STATUS_NOTATION_FLAGS: New. + * g10/packet.h (struct notation): Add flags.human. 
+ (notation_t): New typedef. + * g10/build-packet.c (sig_to_notation): Set flags.human. + * g10/keylist.c (show_notation): Write STATUS_NOTATION_FLAGS. + +2016-05-28 Werner Koch <wk@gnupg.org> + + common: Add a status callback to gnupg_exec_tool_stream. + + commit 239a4d53916b47b5b0f0167a9b2c7a8915bb9c52 + * common/exectool.h (exec_tool_status_cb_t): New. + * common/exectool.c: Include missing exectool.h. + (read_and_log_buffer_t): Replace array by pointer. + (gnupg_exec_tool_stream): Add args 'status_cb' and 'status_cb_value'. + Change all callers to pass NULL for them. Malloc buffer for + FDERRSTATE. + (read_and_log_stderr): Implement status_fd feature. + +2016-05-27 Werner Koch <wk@gnupg.org> + + common: Allow a second input stream for gnupg_exec_tool_stream. + + commit 44a32455c8e41400ea96db4507c8a42bdb65b3b6 + * common/exechelp-posix.c (do_exec): Add arg 'except' and pass to + close_all_fds. + (gnupg_spawn_process): Add arg 'except'. Change callers to pass NULL + for it. + * common/exechelp-w32.c (gnupg_spawn_process): Add dummy arg 'except'. + * common/exechelp-w32ce.c (gnupg_spawn_process): Ditto. + * common/exectool.c (copy_buffer_do_copy): Allow NULL for SINK. + (gnupg_exec_tool_stream): Add arg 'inextra'. Change callers to pass + NULL for it. Allow NULL for OUTPUT. + + common: Simplify the fd closing patch 512c56a. + + commit e6d9a2d07ed7aeac3944d8a7d1317c4a117356b4 + * common/exechelp-posix.c (get_max_fds): Use /proc/self. + + common: Speedup closing fds before an exec. + + commit 512c56af43027149e8beacf259746b8d7bf9b1a2 + * common/exechelp-posix.c [__linux__]: Include dirent.h. + (get_max_fds) [__linux__]: Return the actual used highest fd. + + tools: Improve debug output of rfc822parse. + + commit ad75ca9c963bebbe02aae8d73e199a705764ae82 + * tools/rfc822parse.c (show_event): Add missing events. + + build: Remove obsolete tests for funopen and fopencookie. 
+ + commit d755bcb89dbeaf6c7c1eca73ccabdf89b536c535 + * configure.ac (AC_CHECK_FUNCS): Remove tests for funopen. + + common: Extend gnupg_create_inbound_pipe et al. + + commit 5d991e333a1885adc40abd9d00c01fec4bd5d9d7 + * common/exechelp-posix.c (gnupg_create_inbound_pipe): Add args 'r_fp' + and 'nonblock'. + (gnupg_create_outbound_pipe): Ditto. + * common/exechelp-w32.c (gnupg_create_inbound_pipe): Add non yet + functional args 'r_fp' and 'nonblock'. + (gnupg_create_outbound_pipe): Ditto. + * common/exechelp-w32ce.c (gnupg_create_inbound_pipe): Ditto. + (gnupg_create_outbound_pipe): Ditto. + + common: Make use of default_errsource in exechelp. + + commit 96c7901ec1c79be732570811223d3ea54875abfe + * common/exechelp-posix.c (my_error_from_syserror, my_error): New. + Use them instead of gpg_error and gpg_error_from_syserror. + (create_pipe_and_estream): Remove arg ERRSOURCE and fix use of + OUTBOUND which has a wrong name. Adjust callers. + (gnupg_spawn_process): Remove arg ERRSOURCE and replace by use of + DEFAULT_ERRSOURCE. + * common/exechelp-w32.c (gnupg_spawn_process): Ditto. + * common/exechelp-w32ce.c (gnupg_spawn_process): Ditto. + * common/exectool.c (gnupg_exec_tool_stream): Do not pass + GPG_ERROR_FROM_SYSERROR. + * tools/gpgconf-comp.c (gc_component_check_options): Ditto. + (retrieve_options_from_program): Ditto. + + gpg: Keep current and total of PROGESS status lines small enough. + + commit 6c957c3d880c069bb843cc58fdcebb9fc344727e + * g10/progress.c (progress_filter): Factor status wrote out to... + (write_status_progress): New. Scale values down. + +2016-05-27 NIIBE Yutaka <gniibe@fsij.org> + + configure: Detection of libusb on FreeBSD. + + commit b3e043ba905fdf2efcdadbd7022ac53f4408b748 + * configure.ac (LIBUSB_LIBS): Use LIBUSB_NAME for AC_CHECK_LIB. + +2016-05-25 Werner Koch <wk@gnupg.org> + + build: Switch to new URL for swdb.lst. 
+ + commit 74028096e06d2904f77b74b373750264e5b7b1ea + + +2016-05-24 Werner Koch <wk@gnupg.org> + + gpgtar: Simplify code by using ccparray. + + commit 91bc7833836f19256d56984c94cacf44853ff5c8 + * tools/gpgtar-create.c (gpgtar_create): Use ccparray functions. + * tools/gpgtar-extract.c (gpgtar_extract): Ditto. + * tools/gpgtar-list.c (gpgtar_list): Ditto. + + common: Add simple dynamic array function. + + commit 2421f7f7ed74ed20372efd63a2efd58d3b55005c + * common/ccparray.c: New. + * common/ccparray.h: New. + * common/t-ccparray.c: New. + * common/Makefile.am (common_sources): Add files. + (module_tests): Add test file. + (t_ccparray_LDADD): New. + +2016-05-23 Justus Winter <justus@g10code.com> + + tests: Test the pinentry interactions when exporting keys. + + commit b9d1e099c3ec3163c86afe627ecbe028db1facf6 + * tests/openpgp/export.test: Test pinentry interactions. + + tests: Add support for a passphrase queue to fake pinentry. + + commit 4994153924e0948a657edddaef54a39a6001beff + * tests/openpgp/fake-pinentry.c (get_passphrase): New function. + (main): Add option --passphrasefile and read passphrases from it. + + tests: Add logging to fake pinentry. + + commit 41b10c66ec1dd33633386f4fc8013ddeab7737ca + * tests/openpgp/fake-pinentry.c (log_stream): New variable. + (reply): New function. + (spacep,skip_options,option_value): Copy from common. + (main): Parse arguments, add --logfile option, write logfile. + + tests: Add export test. + + commit a54e89a58576108fcae10ceeb4fc65822aecc170 + * tests/openpgp/Makefile.am (TESTS): Add new file. + * tests/openpgp/export.test: New file. + +2016-05-21 Werner Koch <wk@gnupg.org> + + gpg: Speed up key listing in Tofu mode. + + commit 78bb08425af5b1edb7f3ef0119013529b3a9e4ba + * g10/tofu.c (get_trust): Add arg PK. Uses this instead of a an extra + lookup of the public key by fingerrpint. + (tofu_register): Pass PK to get_trust. + (tofu_get_validity): Ditto. + + *g10/tofu.c (tofu_register): Remove unused FINGERPRINT_PP. 
+ + gpg: Avoid name spaces clash with future sqlite versions. + + commit b1ba460d8f3358342c2ee2927114d36e767a439f + * g10/sqlite.c: Rename to gpgsql.c. Change function prefixes to + gpgsql_. + * g10/sqlite.h: Rename to gpgsql.h. + * g10/tofu.c: Adjust for changes. + + gpg: Explicitly close a combined Tofu DB. + + commit 006a6126131ffd59d9a47889ac031f932ecc5d0b + * g10/tofu.c (tofu_closedbs): Close combined DB. + + gpg: Store the Tofu meta handle for databases in CTRL. + + commit 754b1c463034a634a678d8efc76c27fd46aad9b9 + * g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations. + (struct server_control_s): Add field tofu.dbs. + * g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by + by tofu_dbs_t. + (opendbs): Add arg CTRL. Cache the DBS in CTRL. + (closedbs): Rename to tofu_closedbs and make global. Add arg CTRL. + (tofu_register): Add arg CTRL. Change all callers. Do not call + closedbs. + (tofu_get_validity): Ditto. + (tofu_set_policy): Ditto. + (tofu_get_policy): Ditto. + (tofu_set_policy_by_keyid): Add arg CTRL. + * g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs. + + gpg: Pass CTRL object down to the trust functions. + + commit 027c4e55522b8e18711a3331932a9869ab89ca26 + + + gpg: Fix the TOFU_STATS_LONG status. + + commit fd973ee1c18aa8fe764e09ba4dff589309b2d78d + * g10/tofu.c (show_statistics): Print TOFU STATS with formatting + characters. + +2016-05-19 Werner Koch <wk@gnupg.org> + + gpg: Print "[ never ]" instead of err for validity. + + commit 437c97ab6a34ff1936001dd05209193b4466a81d + * g10/trust.c (uid_trust_string_fixed): Handle NEVER. + +2016-05-18 Werner Koch <wk@gnupg.org> + + dirmngr: Adjust the WKD lookup to specs version -01. + + commit cf97769906337d65289ad58225a5ecc53c715550 + * dirmngr/server.c (cmd_wkd_get): Remove second occurrence of the + domain part. + +2016-05-17 Werner Koch <wk@gnupg.org> + + gpg: Emit new status line KEY_CONSIDERED. 
+ + commit ff71521d9698c7c5df94831a1398e948213af433 + * common/status.h (STATUS_KEY_CONSIDERED): New. + * g10/getkey.c: Include status.h. + (LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New. + (finish_lookup): Add arg R_FLAGS. Count expired and revoked keys and + set flag. Check a requested usage before checking for expiraion or + revocation. + (print_status_key_considered): New. + (lookup): Print new status. + +2016-05-11 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix signature checking. + + commit 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb + * g10/sig-check.c (check_signature_over_key_or_uid): Fix call to + walk_kbnode. + +2016-05-10 Werner Koch <wk@gnupg.org> + + gpg: Allow unattended deletion of secret keys. + + commit ac9ff644b12c4dfa55d466af8ae6af54d1646893 + * agent/command.c (cmd_delete_key): Make the --force option depend on + --disallow-loopback-passphrase. + * g10/call-agent.c (agent_delete_key): Add arg FORCE. + * g10/delkey.c (do_delete_key): Pass opt.answer_yes to + agent_delete_key. + +2016-05-09 Werner Koch <wk@gnupg.org> + + gpg: Fix buglet in the check_all_keysigs function. + + commit 693838f0125d5d0c963fa3771b1bd117702af697 + * g10/keyedit.c (sig_comparison): Actually compare the pubkey + algorithms. + + gpg: Request a "save" after cmd "check" fixed something. + + commit d33b35f7481caa0dcb25f9fa7d6c5bb27895297a + * g10/keyedit.c (keyedit_menu) <cmdCHECK>: Set modified. + +2016-05-09 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit ff870d59f067d3c5415e231c02a50d5dceac7e48 + + +2016-05-04 Werner Koch <wk@gnupg.org> + + Release 2.1.12. + + commit 00df5b1236cac5c7a48638a4613278c5aab486f8 + + + speedo,w32: Remove the installation directory page. + + commit fb1e9df48465c2f77a65dddd257572fdc79d9450 + * build-aux/speedo/w32/inst.nsi (MUI_PAGE_DIRECTORY): Remove. + + gpg: Fix const char pointer mismatch with gettext. + + commit 920b1421b35d1404b8360bd8feac0be659840543 + * g10/tofu.c (get_trust): Use const char *. 
+ + speedo: Build sqlite with static-libgcc. + + commit edce430b039b313cc2d79402a7bd21347490c3be + * build-aux/speedo/patches/sqlite.patch: New. + * Makefile.am (EXTRA_DIST): Add file. + + speedo: Also try patch files w/o version number. + + commit 9ea258fa5b45bb5454ee3f5906df5d5eebdec0dd + * build-aux/speedo.mk (SPKG_template): Try such a patch file. + +2016-05-04 Andre Heinecke <aheinecke@intevation.de> + + speedo,w32: Install sqlite. + + commit 2b78223d7587c68e2e27a3d7b365219228da7947 + * build-aux/speedo/w32/inst.nsi (-sqlite, -un.sqlite): New. + + speedo,w32: Fix uninstallation. + + commit 5ec76fd0c300b52366cf8d1407fe1c8de3a8a9d4 + * build-aux/speedo/w32/inst.nsi (-un.gnupg): Delete distsigkey and + dirmngr-conf.skel + + speedo,w32: Install localisation. + + commit 3f58fc64666101e160e9b13fedb6cdaebeb91a7a + * build-aux/speedo/w32/inst.nsi (-libgpg-error, GnuPG): Install l10n. + (-un.libgpg-error, -un.gnupg): Uninstall l10n files. + +2016-05-04 Werner Koch <wk@gnupg.org> + + tests: Disable the migrations tests. + + commit d696eb396a9c88319358da4333feb653994d5408 + * tests/Makefile.am (SUBDIRS): Remove migrations. + * configure.ac (AC_CONFIG_FILES): Remove migrations Makefile. + +2016-05-04 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 4fd13ab78dd228d8ff85659cddc2076af8728ebe + + +2016-05-04 Werner Koch <wk@gnupg.org> + + po: Update German translation. + + commit 75f31cdd42eed3555952ac478055d52af841f702 + + + Some minor string changes and fixed a printf format. + + commit d00625dae60f26617d2e1bd4f22c6b35a4e92c91 + * g10/build-packet.c (notation_value_to_human_readable_string): Use + %zu for size_t. + + build: Update config.{guess,sub} to 2016-04-02 and 2016-03-30. + + commit 04cc7c3786d91881f83a72799dab058476602a31 + * build-aux/config.guess: Update. + * build-aux/config.sub: Update. + + agent: Make --allow-loopback-pinentry the default. 
+ + commit 3ef0938cfd8637e9801369f142eb8dd564f2ca61 + * agent/gpg-agent.c (oNoAllowLoopbackPinentry): New. + (opts): Add --no-allow-loopback-pinentry. Hide + description of --allow-loopback-pinentry. + (parse_rereadable_options): Set opt.allow_loopback_pinentry by + default. + (main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry + in the gpgconf list. + * tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto. + +2016-05-03 Werner Koch <wk@gnupg.org> + + common: Print https URLs in help messages. + + commit 9e28617e260261de3972c20698b5a01561330e1c + * common/argparse.c (strusage): Print https URLS. + + tests: Silence output of some tests. + + commit 33aacc3d4bbd6a82d7e7ceca058970879741b7da + * common/t-exechelp.c (print_open_fds): Silence non-verbose output. + (test_close_all_fds): Ditto. + * common/t-session-env.c (show_stdnames): Indent output. + * g10/test.c (TEST): Silence non-verbose okay output. + (exit_tests): Ditto. + * tools/gpg-zip.in (tar_verbose_opt): Add option --quiet. + * tests/openpgp/gpgtar.test (GPGZIP): Pass option --quiet. + * tests/openpgp/mds.test: Indent MD5 notice. + * tests/openpgp/version.test: Indent --version output. + + gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG. + + commit 83865be35cff5355a5c4575cc3b50609819b0baa + * g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD. + (FULL_TRUST_THRESHOLD): New. + (write_stats_status): New. + (show_statistics): Call new function. Print TOFU_STATS_LONG. + +2016-05-02 Werner Koch <wk@gnupg.org> + + gpg: Extend TRUST_foo status lines with the trust model. + + commit ae1889320b822d48f7118a29391605e9ac992701 + * g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New. + * g10/trustdb.c (trust_model_string): Lowercase the strings. Add arg + "model" and change callers to call with OPT.TRUST_MODEL. + * g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED. + * g10/pkclist.c (write_trust_status): New. + (check_signatures_trust): Call new function. 
+ + gpg: Improve line wrapping for a tofu message. + + commit 5cef6118580fe658a27d32e85696d88775ad417a + * g10/tofu.c (time_ago_str): Mark non-breakable spaces. + (show_statistics): Remove marks. + + gpg: Re-format some tofu messages. + + commit d73e83c3b678add11a5754e199e528aeb39ec8ce + * common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS) + (STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New. + * g10/tofu.c (NO_WARNING_THRESHOLD): New. + (record_binding, tofu_register): Take care of --dry-run. + (show_statistics): Print STATUS_TOFU_USER. Reformat some messages. + Fix the ngettext/strcmp thing. Use log_string instead of log_info. + Use NO_WARNING_THRESHOLD constant. + (get_trust): Use format_text and print a compact fingerprint. + +2016-05-02 NIIBE Yutaka <gniibe@fsij.org> + + scd: More fix of error return path. + + commit 6677d8b61446eb5760a30a2488c992d6e895a9ed + * scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of + apdu_connect. + +2016-04-29 Werner Koch <wk@gnupg.org> + + common: Extend log_string to indent lines. + + commit 35f4b6aafdf1889ed1ae569af5852f47738fe993 + * common/logging.c (do_logv): Add indentation when called via + log_string. + + gpg: Factor some code code out of tofu.c. + + commit dcad99c98616a6031ddfde313c920339e4012378 + * g10/tofu.c (string_to_long): New. + (string_to_ulong): New. + (get_single_unsigned_long_cb): Replace strtol/strtoul by new function. + (get_single_long_cb): Ditto. + (signature_stats_collect_cb): Ditto. + (get_policy): Ditto. + (show_statistics): Ditto. Uese es_free instead of free. + + gpg: Remove all assert.h and s/assert/log_assert/. + + commit 64bfeafa52a5ed3fa82bdc0ce7ef0edddeef188c + + + common: Improve log_assert. + + commit 9740dff9f4d18ba764dc7173d4902e94e3f0c2e8 + * common/logging.c (bug_at): Do not i18n the string. + (_log_assert): New. + * common/logging.h (log_assert): Use new function and pass line + information. 
+ +2016-04-28 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix error return path. + + commit cb4fee8bb645745ff199f7428e19226d5bc63dab + * scd/ccid-driver.c (bulk_in): Remove EAGAIN handling. + Handle LIBUSB_ERROR_NO_DEVICE to return CCID_DRIVER_ERR_NO_READER. + +2016-04-27 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix memory leaks. + + commit 508b0deb70d39d388149be9a63fab24cc956a239 + * scd/ccid-driver.c (scan_or_find_usb_device): Return on + LIBUSB_ERROR_NO_MEM. Free CONFIG before return except on error. + (scan_or_find_devices): Free device list. + +2016-04-27 Werner Koch <wk@gnupg.org> + + gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. + + commit 87de9e19edf0311ca0342e15ef44ebe40e32861e + * g10/getkey.c (parse_auto_key_locate): Add method "wkd". + (get_pubkey_byname): Implement that method. Also rename a variable. + * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. + * g10/keyserver.c (keyserver_import_wkd): New. + * g10/test-stubs.c (keyserver_import_wkd): Add stub. + * g10/gpgv.c (keyserver_import_wkd): Ditto. + * g10/options.h (opt): Add field 'with_wkd_hash'. + (AKL_WKD): New. + + * g10/gpg.c (oWithWKDHash): New. + (opts): Add option --with-wkd-hash. + (main): Set that option. + * g10/keylist.c (list_keyblock_print): Implement that option. + + dirmngr: Add experimental command WKD_GET. + + commit c83c6f212e9bc98a9ea8dd8102bc16edd1a03050 + * dirmngr/server.c (cmd_wkd_get): New. + (register_commands): Add command WKD_GET. + + dirmngr: Use system provided root CAs with KS_FETCH. + + commit c3aeda82b8d00b87a5af72b4075c487c10dfdf6b + * dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS. + +2016-04-26 Werner Koch <wk@gnupg.org> + + http: Allow to request system defined CAs for TLS. + + commit fd765df6a7883c3d841abeb657330a1aab4b7756 + * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New. + * dirmngr/http.c (http_session_new): Add arg "flags". 
+ * dirmngr/ks-engine-hkp.c (send_request): Use new flag + HTTP_FLAG_TRUST_DEF for the new arg of http_session_new. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + * dirmngr/t-http.c (main): Ditto. + +2016-04-25 Werner Koch <wk@gnupg.org> + + common: Minor fixes for the new private-keys.c. + + commit b7fa4960c292ef1a290d32b7f46bb741bbfc0923 + * common/private-keys.c (my_error_from_syserror): New. Use it in + place of gpg_error_from_syserror. + (_pkc_add, pkc_lookup, pke_next_value): Use ascii_strcasecmp. + (pkc_parse): Use xtrystrdup and append_to_strlist_try as intended. + + (_pkc_add): Add braces around if-statement. + + common: Use new function to print a failure of xtrymalloc. + + commit 8776abbe02935e720018f3ef6ffd48f21435ff8b + * common/miscellaneous.c (xoutofcore): New. + * common/strlist.c (append_to_strlist): Use instead of abort. + (append_to_strlist_try): Use xtrymalloc instead of xmalloc. + +2016-04-21 Justus Winter <justus@g10code.com> + + common: Add support for the new extended private key format. + + commit 12af2630cf4d1a39179179925fac8f2cce7504ff + * agent/findkey.c (write_extended_private_key): New function. + (agent_write_private_key): Detect if an existing file is in extended + format and update the key within if it is. + (read_key_file): Handle the new format. + * agent/keyformat.txt: Document the new format. + * common/Makefile.am: Add the new files. + * common/private-keys.c: New file. + * common/private-keys.h: Likewise. + * common/t-private-keys.c: Likewise. + * common/util.h (alphap, alnump): New macros. + * tests/migrations: Add test demonstrating that we can cope with the + new format. + + common: Add 'free_strlist_wipe' which wipes memory. + + commit c6d1f2f08c68efe7e80887219064a8ce6365128f + * common/strlist.c (free_strlist_wipe): New function. + * common/strlist.h (free_strlist_wipe): New prototype. + + common: Add 'append_to_strlist_try' which can fail. 
+ + commit 95303ee11df12f284e98d02dba993eda9e425383 + * common/strlist.c (append_to_strlist): Use the new function. + (append_to_strlist_try): New function. + * common/strlist.h (append_to_strlist_try): New prototype. + + agent: Convert key format document to org. + + commit 342cc488890241b41e49f50886617115342721d6 + * agent/keyformat.txt: Convert to org mode. + + tests: Make migration test more robust and silent. + + commit 0c35e09278514f1e3377a4b0a9b1f44dd39b1bf4 + * tests/migrations/from-classic.test: Fix in-tree build, silence test. + +2016-04-21 Werner Koch <wk@gnupg.org> + + w32: Use --enable-gpg2-is-gpg by default. + + commit d81de224ecd542922dda649a492dd9550509d7bc + * autogen.rc: Add option also for plain Windows. + + w32: Replace libiconv DLL by iconv feature of libgpg-error. + + commit bd4d65615b3a5360d455b99e77bd113ad90f1539 + * configure.ac: Do nor require libiconv for W32. + * common/utf8conv.c [W32]: Do not incluce iconv.h. Request + libgpg-error iconv macros. + (jnlib_iconv): Use ICONV_CONST macro. + * build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv. + * build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise. + +2016-04-20 Justus Winter <justus@g10code.com> + + agent: Sanitize permissions of the private key directory. + + commit f8adf1a3234655877a4f985d627d98567507002c + * agent/gpg-agent.c (create_private_keys_directory): Set permissions. + * common/sysutils.c (modestr_to_mode): New function. + (gnupg_mkdir): Use new function. + (gnupg_chmod): New function. + * common/sysutils.h (gnupg_chmod): New prototype. + * tests/migrations/from-classic.test: Test migration with existing + directory. + + tests: Test the migration from a classic GnuPG home directory. + + commit defbc70b4a16264e067daf76678ecfb9d030dee4 + * configure.ac: Add new directory. + * tests/Makefile.am (SUBDIRS): Likewise. + * tests/migrations/Makefile.am: New file. + * tests/migrations/from-classic.gpghome/pubring.gpg.asc: Likewise. 
+ * tests/migrations/from-classic.gpghome/secring.gpg.asc: Likewise. + * tests/migrations/from-classic.gpghome/trustdb.gpg.asc: Likewise. + * tests/migrations/from-classic.test: Likewise. + +2016-04-20 Werner Koch <wk@gnupg.org> + + speedo: Use swdb.lst to define the SQLite version. + + commit 2385b9f1ddc4938e45c01a12a804f4b77d253305 + * build-aux/speedo.mk: Change sqlite to use our mirror and the + swdb.lst file. + * build-aux/speedo/w32/inst.nsi: gpg is now build and installed as + gpg. + +2016-04-19 Werner Koch <wk@gnupg.org> + + gpg: Improve UID selction of --quick-sign-key. + + commit d02de6c0a4a55a2720cfa5caddcbfc4ce988a2ec + * g10/keyedit.c (keyedit_quick_sign): Improve UID selection and print + error for non-found userids. + + gpg: Avoid debug like output at start of --edit-key. + + commit 085b19fc9aa7f2f9b82a97824b117e71390964ec + * g10/keyedit.c (check_all_keysigs): Print info only after something + has been modified. + +2016-04-15 Andre Heinecke <aheinecke@intevation.de> + + dirmngr: Fix https never reported in general help. + + commit 6272f24312f2efe8707a7712858c85cd5a42e6fa + * dirmngr/ks-engine-http.c (ks_hkp_help): Also print https + when supported and no uri provided. + + dirmngr: Fix https incorrectly reported in help. + + commit a0642856b25622c81d3464979c47ff2a30af58fa + * dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls + is supported. + +2016-04-14 Werner Koch <wk@gnupg.org> + + agent: Fix regression due to recent commit 4159567. + + commit 8c3fb2360f154a971d2a390e4937acb22a44a8c2 + * agent/protect.c (do_encryption): Fix CBC hashing. + + agent: Allow gpg-protect-tool to handle openpgp-native protection. + + commit 6df75ec70afeb1a5ad9a00557e1245e1514c37b5 + * agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to + agent_unprotect. + (main): Allocate a simple CTRL object and pass it to + read_and_unprotect. + (convert_from_openpgp_native): Remove stub. + (agent_key_available, agent_get_cache): New stubs. 
+ (agent_askpin): New emulation for the one in call-pinentry.c. + (agent_write_private_key): New to dump key. + * agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c + + tests: Set fake-pinentry's stdout and stdin to _IOLBF. + + commit 94504b3d5af126abb591dedda1ca0f0970822f55 + * tests/openpgp/fake-pinentry.c (main): Call setvbuf. Show passphrase + at startup. Increase buffer. + +2016-04-12 Werner Koch <wk@gnupg.org> + + agent: Implement new protection mode openpgp-s2k3-ocb-aes. + + commit 4159567f7ed7a1139fdc3a6c92988e1648ad84ab + * agent/protect.c (agent_protect): Add arg use_ocb. Change all caller + to pass -1 for default. + * agent/protect-tool.c: New option --debug-use-ocb. + (oDebugUseOCB): New. + (opt_debug_use_ocb): New. + (main): Set option. + (read_and_protect): Implement option. + + * agent/protect.c (OCB_MODE_SUPPORTED): New macro. + (PROT_DEFAULT_TO_OCB): New macro. + (do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp, + and timestamp_exp_len. Implement OCB. + (agent_protect): Change to support OCB. + (do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len. + Implement OCB. + (merge_lists): Allow NULL for sha1hash. + (agent_unprotect): Change to support OCB. + (agent_private_key_type): Remove debug output. + + indent: Help Emacs not to get confused by conditional compilation. + + commit 7faf131c8b8710419df3dc13a1228d1977c55f53 + * agent/protect.c (calibrate_get_time) [W32]: Use separate function + calls for W32 and W32CE. + +2016-04-07 Justus Winter <justus@g10code.com> + + g10: Fix exporting secret keys of certain sizes. + + commit 02cf1357dd5ee34a57371f55b9d312b8b9e3a7e8 + * g10/build-packet.c (do_key): Do not use the header length specified + by the public key packet from the keyring, but let 'write_header2' + compute the required length. + +2016-04-06 Justus Winter <justus@g10code.com> + + Revert "g10: Support armored keyrings in gpgv." 
+ + commit 76ca869197e304daa5a8dd96ea43113ec7b28354 + This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15. + +2016-04-05 Justus Winter <justus@g10code.com> + + dirmngr: Autodetect PEM format in dirmngr-client. + + commit 9354293b8c9f234939bc04182f15e2fe512e914e + * dirmngr/dirmngr-client.c (init_asctobin): New function. + (main): Move the initialization code to the new function. + (read_pem_certificate): Initialize base64 table. + (read_certificate): Try to decode certificates given in files as PEM + first. + +2016-04-05 Werner Koch <wk@gnupg.org> + + build: Fix for: Build gpgcompose only in maintainer mode. + + commit f45ed07a0fffa3adbc75b9d5726108a066927599 + * g10/Makefile.am (noinst_PROGRAMS): Always add module_tests. + + doc: Install gpg and gpgv man pages under the correct name. + + commit 4dc4fb1c14b3096bb1cdc5923c0d1eb419036805 + * doc/mkdefsinc.c (main): Add double include guard. Set variable + gpgtwohack. Define macros gpgname and gpgvname. + * doc/gpg.texi: Remove macro definition for gpgname. Use Texinfo var + gpgtwohack to prepare the man pages. Use @gpgname everywhere. + * doc/gpgv.texi: Likewise. + * doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add + them depending on USE_GPG2_HACK. + + build: Build gpgcompose only in maintainer mode. + + commit 4b5341dc333983a15f649601fdddc42ba9161433 + * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose only in maintainer + mode. + + gpg: Replace use of "gpg2" by GPG_NAME. + + commit 7b58a1118d98543ed6854447d7b403877638ba54 + + +2016-04-04 Werner Koch <wk@gnupg.org> + + Now build "gpg" binary but install as "gpg2" + + commit 96bcd4220f1f1313afe12097d8dc62342ac8de0d + * configure.ac (USE_GPG2_HACK): New ac_define am_conditional. + * common/homedir.c (gnupg_module_name): Replace use of macro + NAME_OF_INSTALLED_GPG. + * g10/keygen.c (generate_keypair): Ditto. + * g10/Makefile.am (bin_PROGRAMS): Remove. + (noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2. + (gpg2_hack_list): New. 
+ (use_gpg2_hack): New. + (gpg2_SOURCES): Rename to gpg_SOURCES. + (gpgv2_SOURCES): Rename to gpgv_SOURCES. + (gpg2_LDADD): Rename to gpg_LDADD. + (gpgv2_LDADD): Rename to gpgv_LDADD. + (gpg2_LDFLAGS): Rename to gpg_LDFLAGS. + (gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS. + (install-exec-hook): Remove WinCE specific rules and add new rules. + (uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2. + * tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/. + * tests/openpgp/defs.inc: Ditto. + * tests/openpgp/gpgtar.test: Ditto. + * tests/openpgp/mkdemodirs: Ditto. + * tests/openpgp/signdemokey: Ditto. + + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete + --enable-mailto, add --enable-gpg2-is-gpg. + + tests: Add missing file. + + commit c6ed863491ec3a1e0fcf9cbe2c93c87468306c29 + * tests/openpgp/Makefile.am (TEST_FILES): Add plain-largeo.asc. + +2016-04-04 Justus Winter <justus@g10code.com> + + g10: Support armored keyrings in gpgv. + + commit abb352de51bc964c06007fce43ed6f6caea87c15 + * doc/gpgv.texi: Document the feature. + * g10/Makefile.am (gpgv2_SOURCES): Add dearmor.c. + * g10/dearmor.c (dearmor_file): Add sink argument. + * g10/gpg.c (main): Adapt accordingly. + * g10/gpgv.c (make_temp_dir): New function. + (main): De-armor keyrings. + * g10/main.h (dearmor_file): Adapt prototype. + + tests: Fix default key test. + + commit dd5902cc45bae7582f8a0bc91a0a7f4d8ae45d8c + * tests/openpgp/default-key.test: Avoid using the option + '--trust-model' unconditionally. + +2016-04-01 Justus Winter <justus@g10code.com> + + build: Check for conflicting trust model options. + + commit 6060ea898fda499211c9d5030fff41d58f899fb0 + * configure.ac: Disable TOFU if configured without trust models, and + check for conflicting options. + + g10: Remove option --always-trust if compiled without trust models. + + commit b74185b6eaeaae4754726ff203e11977777f568c + * g10/gpg.c (opts): Remove option --always-trust if compiled without + trust models. 
+ +2016-03-31 Justus Winter <justus@g10code.com> + + speedo,w32: Build libsqlite3. + + commit e7171f559590422cc52dbcb8d78d94569b31012f + * build-aux/speedo.mk (speedo_spkgs): Add libsqlite3 on w32. + (libsqlite3_ver): New variable. + (speedo_pkg_libsqlite3_tar): Likewise. + + g10: Use gpg-error abstraction of sched_yield. + + commit 8be9dab2dd2f83ca922c01542c63b404e34bdfd9 + * g10/tofu.c (begin_transaction): Use 'gpgrt_yield'. + +2016-03-29 Werner Koch <wk@gnupg.org> + + gpg: Fix NULL-segv for missing tofu DB. + + commit e2c5781788f765815532410a77077ddbb72513e9 + * g10/tofu.c (opendb): Guard call to timeout function. + +2016-03-22 Werner Koch <wk@gnupg.org> + + gpg: Improve message when asking for key capabilities. + + commit fc30c079a348436868968850dabf653b91f82419 + * g10/keygen.c (ask_key_flags): Improve message. + + gpg: Remove the extra prompt for Curve25519. + + commit 7f919063d3e426104fe58ae779a9a066140014c1 + * g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve. + (ask_curve): Use a fixed table of curve names and reserve a slot for + Curve448. Simplify CurveNNNN/EdNNNN switching. + (ask_curve): Remove the Curve25519 is non-standard prompt. + +2016-03-19 Werner Koch <wk@gnupg.org> + + gpg: Silence trustdb computation with --quiet. + + commit af9a4afbf0b518c8acff98e50135b2beb6c722c3 + * g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet + mode. + +2016-03-17 Werner Koch <wk@gnupg.org> + + sm: Always create a keybox header when creating a new keybox. + + commit 1aad5c6277ea3852ff57bbf680f61c9136ce4d5c + * sm/keydb.c (maybe_create_keybox): Create the header blob. + +2016-03-17 Neal H. Walfield <neal@g10code.com> + + doc: Improve documentation of --enable-large-rsa. + + commit 1dc7f55a4095ee42ce2d8c3eb41b7162edf2ca2e + * doc/gpg.texi (--enable-large-rsa): Improve text. + +2016-03-17 NIIBE Yutaka <gniibe@fsij.org> + + agent: allow removal of the shadowed key. 
+ + commit 8588c2dbc4c4d1b53796f3dbe8489b932dca7a60 + * agent/findkey.c (agent_delete_key): Remove the key when asked. + +2016-03-16 NIIBE Yutaka <gniibe@fsij.org> + + g10: Add const qualifier. + + commit b752d2c93778e6a1c1de3eddf8fc725b0ddd354e + * g10/gpgcompose.c (show_help): Those are strings not to be modified. + +2016-03-15 Werner Koch <wk@gnupg.org> + + gpg: Do not rely on a certain evaluation order. + + commit 60b34f96f4f390670462d719c0d797e622cee4d4 + * g10/keyedit.c (print_and_check_one_sig): Call check_key_signature + before derefing IS_SELFSIG. + +2016-03-14 Werner Koch <wk@gnupg.org> + + scd: Add manufacturer id 0x000a. + + commit 834b84c0ee4990393daa5e44afbab5b0aaed0758 + * g10/card-util.c (get_manufacturer): Add it. + +2016-03-10 Kevin J. McCarthy <kevin@8t8.us> + + g10: Silence message if --quiet is given. + + commit 4f578cb2fc192f44070bb0d18dffaa3863ed0d92 + * g10/getkey.c (parse_def_secret_key): Silence message if --quiet is + given. + +2016-03-08 Neal H. Walfield <neal@g10code.com> + + gpg: Add a new test. + + commit b17577eac6b7599a4bab6fd3ecb04715aa01367c + * g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc. + (module_tests): Add t-stutter. + (t_stutter_SOURCES): New variable. + (t_stutter_LDADD): New variable. + +2016-03-07 Justus Winter <justus@g10code.com> + + sm: Implement pinentry loopback and reading passphrases from fd. + + commit eea139c56ef55081d8cd8df2a35ce507386e0f17 + * doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'. + * sm/Makefile.am (gpgsm_SOURCES): Add new files + * sm/call-agent.c (struct default_inq_parm_s): New definition. + (start_agent): Pass in the pinentry mode. + (default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries. + Adapt all call sites to the new callback cookie. + * sm/gpgsm.c (cmd_and_opt_values): Add new values. + (opts): Add new options. + (main): Handle new options. + * sm/gpgsm.h (struct opt): Add field 'pinentry_mode'. + * sm/passphrase.c: New file. 
+ * sm/passphrase.h: Likewise. + + sm: Remove unused argument '--fixed-passphrase'. + + commit 53ed98eda77ff2dcf390cebd0cec9f2665661863 + * doc/gpgsm.texi: Drop description. + * sm/gpgsm.c (cmd_and_opt_values): Drop enum value. + (opts): Drop argument. + (main): Drop argument handling. + * sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'. + + kbx: Avoid undefined behavior. + + commit a68ca5a90457ac97eee4efd7fdea596d27c54697 + * kbx/keybox-file.c (_keybox_read_blob2): Cast to unsigned int before + shifting. + +2016-03-07 NIIBE Yutaka <gniibe@fsij.org> + + scd: Bug fix for a device with multiple interfaces. + + commit 7a32f87cccddb40521bfdd4eb2d0dc9c88fb3fe5 + * scd/ccid-driver.c (scan_or_find_usb_device): Use IFC_NO when + accessing interface information. + +2016-03-04 Justus Winter <justus@g10code.com> + + build: Make libusb a hard requirement if the ccid driver is requested. + + commit e997552161b2dd8aabf350adee14e208e1545aef + * configure.ac: Print an error message and die if the internal ccid + driver is requested but no suitable libusb is found. + + g10: Drop superfluous declaration. + + commit 1e4b7823008daea1a22a6f0f9b379fdec37a4cd4 + * g10/main.h (disable_core_dumps): Drop declaration. + + g10: Guard code against errors. + + commit 40f6529ceeea806fc011135a9fa3a3590a9534ac + * g10/keygen.c (do_generate_keypair): Check for errors, in which case + 'pri_psk' is NULL. + +2016-03-03 Justus Winter <justus@g10code.com> + + dirmngr: Add more missing CFLAGS. + + commit 9f0ba5089e664447c36cee3d9249f95e4ea39957 + * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add + 'GCRYPT_CFLAGS'. + (t_dns_stuff_CFLAGS): Likewise. + + tests/openpgp: Skip gpgtar test if it has not been built. + + commit a883d4c0f8125e809c144ec69e76c9f522102d8f + * tests/openpgp/gpgtar.test: Check if executable exists. + +2016-03-02 Neal H. Walfield <neal@g10code.com> + + gpg: Add new program gpgcompose. + + commit d040628ddf2c09ddc9581ff365680a568ad24278 + * g10/packet.h: Include "util.h". 
+ * g10/encrypt.c (encrypt_seskey): Don't mark as static. + * g10/gpgcompose.c: New file. + * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose. + (gpg2_SOURCES): Split everything but gpg.c into... + (gpg_sources): ... this new variable. + (gpgcompose_SOURCES): New variable. + (gpgcompose_LDADD): Likewise. + (gpgcompose_LDFLAGS): Likewise. + + gpg: More robustly detect valid non-armored OpenPGP messages. + + commit 605276ef8cd449bfd574ae6c498fa5d7d265c5c7 + * g10/armor.c (is_armored): More robustly detect valid non-armored + OpenPGP messages. + + common: Provide a function for mapping packet types to strings. + + commit 24e0f1d56e6f56e7fb52b5c6bdb100131e12dfe3 + * common/openpgpdefs.h (pkttype_str): New function. + + gpg: Rename pop_filter to iobuf_pop_filter and export it. + + commit 1463f9b9624fae97cc89df3aa4546655ee893f7c + * common/iobuf.c (pop_filter): Rename from this... + (iobuf_pop_filter): ... to this. Don't mark it as static. + + gpg: Split write_pubkey_enc_from_list. + + commit 7eac4942b537c4b3710d34e6adb9c5d36338f38b + * g10/encrypt.c (write_pubkey_enc_from_list): Split the body of this + function out into... + (write_pubkey_enc): ... this new function. + + gpg: Allow the caller to write the contents of a plaintext packet. + + commit 2fdb950471bd36f046672254ff26ca94797cc9f1 + * g10/build-packet.c (do_plaintext): Change the semantics such that if + PT->BUF is NULL, it is the caller's responsibility to write the + content (and disable partial body length mode, if appropriate). + + gpg: Add a new function for creating binary notations. + + commit 1a624586149f9e34206e5d5e1ba0b7d2b7004c80 + * g10/build-packet.c (blob_to_notation): New function. + + gpg: Refactor the printing of binary notations. + + commit fd2d00ccf558b1ac1184967d8702ef01cd60bf60 + * g10/build-packet.c (sig_to_notation): Break printing of binary + notations into... + (notation_value_to_human_readable_string): ... this new function. 
+ Provide a small preview of the binary data substituting non-printable + characters with '?'. + +2016-03-02 Uldis Anšmits <uldis.ansmits@tieto.com> + + tests/openpgp: Make tests more portable. + + commit 1cdb744d91ab33563fc0b3156fb05694caa55278 + * tests/openpgp/default-key.test: Avoid 'grep -q'. + * tests/openpgp/gpgtar.test: Avoid 'grep -qe' and 'diff -q'. + * tests/openpgp/use-exact-key.test: Avoid 'grep -q'. + +2016-03-02 Justus Winter <justus@g10code.com> + + common: Consolidate Assuan server argument handling. + + commit e77c85577d1bdd77ad3b81907145fd68f2653c01 + * common/Makefile.am (common_sources): Add new files. + * common/server-help.c: New file. + * common/server-help.h: Likewise. + * agent/command.c: Drop argument handling primitives in favor of using + the consolidated ones. + * dirmngr/server.c: Likewise. + * g10/server.c: Likewise. + * g13/server.c: Likewise. + * scd/command.c: Likewise. + * sm/server.c: Likewise. + +2016-03-01 Justus Winter <justus@g10code.com> + + dirmngr: Add missing CFLAGS. + + commit 9a1778abcae0a7afe33be8e02b6d9a909463cd54 + * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add + 'GPG_ERROR_CFLAGS'. + (t_dns_stuff_CFLAGS): Likewise. + + tools: Drop superfluous include. + + commit 3a1d142f9b71721a631cf2037665e9def60aa384 + * tools/gpgtar.c: Do not include unused 'npth.h'. + +2016-02-26 Werner Koch <wk@gnupg.org> + + gpg: Prettify a 2 octet hex output. + + commit 2de0d41219a522e01f050d475b3ddecb9173fc7d + * g10/sig-check.c (check_key_signature2): Wrap line and use %02x. + +2016-02-25 Neal H. Walfield <neal@g10code.com> + + gpg: Show debugging info if a sig with an unsupported sig class is used. + + commit 87515e39295e4b7eaec1641c38e1ac32e8d39a91 + * g10/sig-check.c (check_key_signature2): If SIG->CLASS is + unsupported, show some debugging information. Don't use BUG to fail. + Just return GPG_ERR_BAD_SIGNATURE. + + gpg: More carefully encode a packet's length. 
+ + commit 960f5e26f2cda3ac6e6b30548fa808a690c39ffc + * g10/build-packet.c (write_header2): Make sure the length bits are + cleared. Fail if HDRLEN is set and the specified length can't be + encoded in the available space. + + gpg: Avoid directly twiddling bits. + + commit 105a5629c7e938ec7b3c9c338ebe7bdfee4cfdad + * g10/build-packet.c (do_plaintext): Use ctb_new_format_p to check the + packet's format. + (write_header2): Likewise. + + gpg: Add some asserts. + + commit c9636a1acc952eb8e1355089bc2e229dece98165 + * g10/build-packet.c (ctb_new_format_p): New function. + (ctb_pkttype): New function. + (do_user_id): Add some asserts. + (do_key): Likewise. + (do_symkey_enc): Likewise. + (do_pubkey_enc): Likewise. + (do_plaintext): Likewise. + (do_encrypted): Likewise. + (do_encrypted_mdc): Likewise. + (do_compressed): Likewise. + (do_signature): Likewise. + (do_signature): Likewise. + (write_header2): Likewise. + + gpg: Avoid an unnecessary copy. + + commit 512bc72e1f8544341529174142273d857f45540c + * g10/build-packet.c (sig_to_notation): Avoid an unnecessary copy of + the data: the size of the packet is fixed. + +2016-02-23 Neal H. Walfield <neal@g10code.com> + + common: Reduce buffer size. + + commit 75861b663bbb37214143c2ff7b1b4d1d10ba2657 + * common/iobuf.c (iobuf_copy): Change buffer size from 1 MB to 32 KB. + + common: Improve a function's documentation and comments. + + commit 14d27b2cadf9b0bb413f2b8bad2d81c1d370c2e7 + * common/iobuf.c (iobuf_set_partial_body_length_mode): Fix + documentation and comment. Add an assert. + + common: Add log_assert. + + commit f57a91afb69c58f9d8d9632801650f28c7dc1e0d + * common/logging.h (log_assert): New macro. + + gpg: Use higher-level functions. + + commit 33ac735a781325c4d47cdf6216813866ab93562e + * g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of + iobuf_put in a loop. Use iobuf_copy instead of iobuf_read and + iobuf_write in a loop. Move the memory wiping from here... + * common/iobuf.c (iobuf_copy): ... to here. 
+ + common: Check for an error before reading. + + commit 8066f8a3470f9d2f3682a28641a7b09eca29a105 + * common/iobuf.c (iobuf_copy): If DEST has a pending error, don't + start copying. + + common: More accurately name function. + + commit 903466e124841cb29f518afa6b7706d490737ac3 + * common/iobuf.c (iobuf_set_partial_block_mode): Rename from this... + (iobuf_set_partial_body_length_mode): ... to this. Update callers. + +2016-02-23 Werner Koch <wk@gnupg.org> + + g13: Add commands --suspend and --remove. + + commit f7968db30b0e0ccae038e354568accb0a05d877c + * g13/g13.c (aSuspend, aResume): New. + (opts): Add commands --suspend and --resume. + (main): Implement dummy command aUmount. Implement commands aResume + and aSuspend. + * g13/sh-cmd.c (cmd_suspend): New. + (cmd_resume): New. + (register_commands): Add commands RESUME and SUSPEND. + * g13/server.c (cmd_suspend): New. + (cmd_resume): New. + (register_commands): Add commands RESUME and SUSPEND. + * g13/be-dmcrypt.c (be_dmcrypt_suspend_container): New. + (be_dmcrypt_resume_container): New. + * g13/backend.c (be_suspend_container): New. + (be_resume_container): New. + * g13/suspend.c, g13/suspend.h: New. + * g13/mount.c (parse_header, read_keyblob_prefix, read_keyblob) + (decrypt_keyblob, g13_is_container): Move to ... + * g13/keyblob.c: new file. + (keyblob_read): Rename to g13_keyblob_read and make global. + (keyblob_decrypt): Rename to g13_keyblob_decrypt and make global. + * g13/sh-dmcrypt.c (check_blockdev): Add arg expect_busy. + (sh_dmcrypt_suspend_container): New. + (sh_dmcrypt_resume_container): New. + * g13/call-syshelp.c (call_syshelp_run_suspend): New. + (call_syshelp_run_resume): New. + + g13: Run mount after dmsetup. + + commit f26867928c451443769fecc41c3283e077e8c49f + * g13/g13-syshelp.c (main): Reject userids with a slash. + * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Run mount if a + mountpoint is known. 
+ +2016-02-23 Justus Winter <justus@g10code.com> + + tests/openpgp: Qualify executables with extension. + + commit ede0061febe5b2edde6a1a79d599e3c7c0faed5a + * tests/openpgp/Makefile.am (required_pgms): Qualify executables with + '$EXEEXT'. + + tests/openpgp: Reimplement 'pinentry.sh' in c. + + commit 01dcc2cf2f2f00235ffa7d0718ecb468370980cc + * tests/openpgp/Makefile.am: Build new program. + * tests/openpgp/defs.inc: Use the new program. + * tests/openpgp/fake-pinentry.c: New file. + + tests/openpgp: Avoid dependency on source files. + + commit 785a7f463ec4e937304ce1263c5e6a46e8079137 + * tests/openpgp/plain-largeo.asc: New file. + * tests/openpgp/version.test: Dearmor the new file instead of relying + on the source being present. + + tests/openpgp: Fix file removal. + + commit 629284120ff359b98a178b6cddf0e005e5f4db1a + * tests/openpgp/version.test: Fix file removal. + + common/exechelp: Provide a way to wait for multiple processes. + + commit 5ba4f6047b84e4cfdb3e6bc88e574ca7a455da81 + * common/exechelp-posix.c (gnupg_wait_process): Generalize to + 'gnupg_wait_processes'. + * common/exechelp-w32.c (gnupg_wait_process): Likewise. + * common/exechelp-w32ce.c (gnupg_wait_process): New function stub. + * common/exechelp.h (gnupg_wait_process): New prototype. + + common/exechelp: Add general pipe function. + + commit 9f4a8d4ea173b4b4cb4d4f06b4004d43e2f4b97a + * common/exechelp-posix.c (gnupg_create_pipe): New function. + * common/exechelp-w32.c (INHERIT_{READ,WRITE,BOTH}): New macros. + (create_inheritable_pipe): Generalize so that both ends can be + inherited. + (do_create_pipe): Rename argument accordingly. + (gnupg_create_{in,out}bound_pipe): Use new flags. + (gnupg_create_pipe): New function. + (gnupg_spawn_process): Use new flags. + * common/exechelp-w32ce.c (gnupg_create_pipe): New stub. + * common/exechelp.h (gnupg_create_pipe): New prototype. + + common/exechelp: Mute the Windows version. 
+ + commit 54acc87c1e0b100accbfd02cfce59a897f2f0ce1 + * common/exechelp-w32.c (gnupg_wait_process): Do not print an error if + the exit code can be returned. This makes the Windows version behave + like the POSIX version. + + common/exechelp: Avoid magic numbers. + + commit 709e2a7e9a3197e8ded4be0b05c138e8d5adbca6 + * common/exechelp-w32.c (do_create_pipe): Use symbolic names. + + common/exechelp: Disable debugging by default. + + commit 5d8f7b16c8490d6951772fa98c1f075a952cc571 + * common/exechelp-w32.c (DEBUG_W32_SPAWN): Set to 0. + + common/exechelp: Fix handle leak. + + commit dd670366d7aedb07e9420d1f8575197acfae1914 + * common/exechelp-w32.c (gnupg_spawn_process_detached): Close process + handle. + + common/exechelp: Fix opening the 'nul' device. + + commit 8857590006266da200427f2d4f9e8c27fbc89ed9 + * common/exechelp-w32.c (gnupg_spawn_process): Fix opening the 'nul' + device. + + common/exechelp: Fix error handling. + + commit f5a4b6a3a39a2b78d33769184d6133d5e256e02c + * common/exechelp-w32.c (gnupg_spawn_process): Close the right handle. + + common/exechelp: Fix pipe creation. + + commit b0125ae9850973b89010517b1dbce04125a51d51 + * common/exechelp-w32.c (gnupg_spawn_process): Fix the creation of the + input pipe. + + tools/mk-tdata: Fix data generation on Windows. + + commit 661ba477e01b796db161fa612b46c353393c6b10 + * tools/mk-tdata.c (main): Set stdout to binary mode to avoid newline + conversion. + +2016-02-19 Neal H. Walfield <neal@g10code.com> + + gpg: Systematically detect and fix signatures that are out of order. + + commit 2d1d795481bc011447284f8ce0a3ae96a08daf17 + * g10/keyedit.c (sig_comparison): New function. + (fix_key_signature_order): Merge functionality into... + (check_all_keysigs): ... this function. Rewrite to eliminate + duplicates and use a systematic approach to detecting and moving + signatures that are out of order instead of a heuristic. + (fix_keyblock): Don't call fix_key_signature_order. 
Call + check_all_keysigs instead after collapsing the uids. + + gpg: Split check_key_signature2. + + commit 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec + * g10/sig-check.c (hash_uid_node): Rename from this... + (hash_uid_packet): ... to this. Take a PKT_user_id instead of a + KBNODE. + (check_key_signature2): Split the basic signature checking + functionality into... + (check_signature_over_key_or_uid): ... this new function. + + gpg: Split print_and_check_one_sig. + + commit 5fbd80579aea0f75ca1d2700515c5b8747a75c7d + * g10/keyedit.c (print_and_check_one_sig): Split the print + functionality into... + (print_one_sig): ... this new function. + + gpg: Split the function check_signature_end. + + commit ac5aea95455372145f3f06df2b4c1584d759d660 + * g10/sig-check.c (check_signature_end): Break the basic signature + check into... + (check_signature_end_simple): ... this new function. + + gpg: Use format_keyid rather than manually formatting the keyid. + + commit 10671c3a4c18ea26035a5819a9f2b8fd6c7e41ea + * g10/keyedit.c (menu_addrevoker): Use format_keyid rather than + manually formatting the keyid. + * g10/keygen.c (card_write_key_to_backup_file): Likewise. + + gpg: Initialize the primary key when generating a key. + + commit bf9d1248c80205795e26156f67aff0b3f796cfce + * g10/keygen.c (do_generate_keypair): Initialize + pri_psk->flags.primary, pri_psk->keyid and pri_psk->main_keyid. + + gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid. + + commit c45633a571bf663bc7f3610fc481acded6acfc19 + * g10/keydb.h (keyid_cmp): New function. + * g10/keyid.c (pk_keyid): New function. + (pk_main_keyid): New function. + (keyid_copy): New function. + (pk_keyid_str): New function. + * g10/packet.h (PKT_public_key): Update comments for main_keyid and + keyid. + +2016-02-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpgparsemail: Allow weirdly-mixed pkcs7 signatures. 
+ + commit 7e7f35a2d7d40267a4dd30791df77420efeebfa7 + * tools/gpgparsemail.c: Add and check info->signing_protocol_2. + + gpg: Clean up dangling agent_open and agent_closed declarations. + + commit 813df2fe6656e55bea4d0be07cc964a140218412 + * g10/keydb.h: Remove agent_open, agent_close declarations/ + * g10/migrate.c: #include <unistd.h> for access() + +2016-02-16 Werner Koch <wk@gnupg.org> + + w32: Make scdaemon build again due to libusb problem. + + commit e1ceff16765b0342531709cf97d03ef0158c29d5 + * configure.ac: Add hack to disable libusb for Windows. Also use + $host instead of $target in the switch + -- + + The new test for libusb does not support cross-compiling. As a quick + workaround we disable libusb for Windows because we can't use it anyway. + + w32: Do not error out if gpgconf is not installed. + + commit 44b02e1beb4f38f26551d932827d5317fddd27c2 + * common/homedir.c (check_portable_app): Remove error message. + +2016-02-16 Neal H. Walfield <neal@g10code.com> + + gpg: Make ASCII armor decoding more robust to encoding errors. + + commit 2f02ed75a9671a7aae36968d5a1618f71b491325 + * g10/armor.c (radix64_read): If the = is followed by the string "3D", + check if the following four characters are valid radix 64 and are + followed by a new line. If so, warn and ignore the '3D'. + +2016-02-16 Werner Koch <wk@gnupg.org> + + doc: Add a gnupg-module-overview picture. + + commit a1c11283af759c1045a8bb75815db325f415ded4 + * doc/gnupg-module-overview.svg: New. + * doc/debugging.texi (Component interaction): New. + * doc/Makefile.am (EXTRA_DIST): Add PNG and PDF versions of + gnupg-module-overview.svg. Remove two eps files. + (BUILT_SOURCES): Add gnupg-module-overview.pdf and .png. Remove + gnupg-card-architecture.epsl + (gnupg_TEXINFOS): Add gnupg-module-overview.svg + (gnupg.dvi): New. + (DISTCLEANFILES): Remove build eps files. + +2016-02-15 NIIBE Yutaka <gniibe@fsij.org> + + common, g10: Fix indentation to silence GCC-6. 
+ + commit ea9cfcfbf76de232221f31787c53d5f46361a9f0 + * common/iobuf.c (iobuf_ioctl): Fix. + * g10/encrypt.c (encrypt_filter): Likewise. + * g10/keyring.c (prepare_search): Likewise. + + dirmngr: fix for memory alignment. + + commit 6fbe12a51e8fe2649ffe5a8a02aa93026a8f02cd + * dirmngr/dns-stuff.c (get_dns_cert): Cast through void *. + (getsrv, get_dns_cname): Make sure it's aligned for HEADER. + +2016-02-14 Werner Koch <wk@gnupg.org> + + gpg: Add hidden key-edit subcommand "change-usage". + + commit 9b28b82e7c40d1eacc446d5932cd613c56378ed8 + * g10/keyedit.c (cmdCHANGEUSAGE): New. + (cmds): Add command "change-usage". + (keyedit_menu): Handle that command. + (menu_changeusage): New. + * g10/keygen.c (keygen_add_key_flags): New. + (ask_key_flags): Add optional arg current. + +2016-02-14 Neal H. Walfield <neal@g10code.com> + + gpg: Improve API documentation. + + commit 9663b088480cef6734a3c5892d5ddbbd60ecc1a4 + * g10/seskey.c (make_session_key): Improve documentation. + (encode_session_key): Improve documentation. + * g10/encrypt.c (encrypt_seskey): Remove gratuitous initialization. + * g10/dek.h (DEK): Improve documenation. + + gpg: Fix calc_header_length when LEN is 0 and improve documentation. + + commit 5cdde08ea869ef02111f618ad782d392a296eb7f + * g10/build-packet.c (calc_header_length): Return the correct haeder + size when LEN is 0. Fix documentation. + + gpg: Fix format_keyid when dynamically allocating the buffer. + + commit c0268c449d0f3d23be5ec7b92fe92e7e078166cf + * g10/keyid.c (format_keyid): Return a char *, not a const char *. If + BUFFER is NULL, then set LEN to the static buffer's size. + + common: Fix comment. + + commit ad43dc6cfc2b610a4e34fe55811bd937f9c3238b + * common/iobuf.c (iobuf_flush_temp): Fix comment. + +2016-02-13 Werner Koch <wk@gnupg.org> + + g13: Require a confirmation before g13 is used for DM-Crypt. 
+ + commit 86f3bb144ad75461eb9b7ac1e59046ac75efccac + * g13/g13-syshelp.c (g13_syshelp_i_know_what_i_am_doing): + * g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Call it. + (sh_dmcrypt_mount_container): Call it. + + g13: Second chunk of code to support dm-crypt. + + commit b0e6ab1109d05fc664f46e17d721fe9b01d38115 + * g13/be-dmcrypt.c, g13/be-dmcrypt.h: New. + * g13/Makefile.am (g13_SOURCES): Add them. + * g13/backend.c: Include be-dmcrypt.h and call-syshelp.h. + (no_such_backend): Rename to _no_such_backend and provide replacement + macro. + (be_is_supported_conttype): Support DM-Crypt. + (be_take_lock_for_create): Call set_segvice for DM-Crypt. + (be_create_new_keys): Make it a dummy for DM-Crypt. + (be_create_container): Call be_dmcrypt_create_container. + (be_mount_container): call be_dmcrypt_mount_container. + * g13/g13-syshelp.c (main): Enable verbose mode. + * g13/g13tuple.c (get_tupledesc_data): New. + * g13/g13tuple.h (unref_tupledesc): New. + * g13/g13.h (server_control_): Add field "recipients". + * g13/g13.c (main): Fix setting of recipients via cmdline. + (g13_deinit_default_ctrl): Release recipients list. + (g13_request_shutdown): New. Replace all direct update of + shutdown_pending by calls this function. + * g13/server.c (server_local_s): Remove field recipients which is now + part of CTRL. + (reset_notify, cmd_recipient, cmd_create): Adjust for this change. + * g13/create.c (encrypt_keyblob): Rename to g13_encrypt_keyblob. + (g13_create_container): Support DM-Crypt. + * g13/mount.c (parse_header): Allow for meta data copies. + (g13_mount_container): Support DM-Crypt. + * g13/sh-cmd.c (cmd_create): Make it work. + (cmd_mount): New. + * g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Make it work. + (sh_dmcrypt_mount_container): New. + + g13: Improve dump_keyblob. + + commit 13f745b50dc7031755faadb2d3476a6b6aafc739 + * g13/g13tuple.c: Include keyblob.h. + (find_tuple_uint): Factor code out to ... + (convert_uint): new. + (all_printable): New. 
+ * g13/mount.c (dump_keyblob: Move and rename to ... + * g13/g13tuple.c (dump_tupledesc): here. Revamp and pretyy print uint + values. + + g13: Define 3 new tags. + + commit 59fc3507d18072833559f227ecab8aa00cad9466 + * g13/keyblob.h (KEYBLOB_TAG_CONT_NSEC): New. + (KEYBLOB_TAG_ENC_NSEC): New. + (KEYBLOB_TAG_ENC_OFF): New. + + g13: Rename utils.c to g13tuple.c. + + commit 82d12156ef5f948d44934ed44d79d24cc9e94366 + * g13/utils.c: Rename to g13tuple.c. + * g13/utils.h: Rename to g13tuple.h. Change all users. + * g13/Makefile.am: Adjust accordingly + + g13: Add functions to handle uint in a keyblob. + + commit 4f152f3276b6d40d2568a27e74903dd18b41d752 + * g13/utils.c (append_tuple_uint): New. + (find_tuple_uint): New. + * g13/t-utils.c: New. + * g13/Makefile.am (noinst_PROGRAMS, TESTS): New. + (module_tests, t_common_ldadd): New. + (t_utils_SOURCES, t_utils_LDADD): New. + + g13: Re-factor high level create code. + + commit dc1dbc43a6bfb2f3e6a1cc2ca089e0318b3af0ed + * g13/create.c (g13_create_container): Factor some code out to ... + * g13/backend.c (be_take_lock_for_create): new. + + g13: Return an error for non-existing device. + + commit 3087197008d2b12bf9f0d7d1f2aca500db816e7c + * g13/sh-cmd.c (cmd_device): Set ERR. + + g13: Fix releasing of a syshelp context. + + commit 6390beca54f55e8d36ff767b99ae9ff68b15f10e + * g13/call-syshelp.c (call_syshelp_release): Allow a NULL arg. + + g13: Switch over to common/exectool.c. + + commit c5d7045dafcfb569c11c90c04ea7a75328c80084 + * g13/sh-exectool.c: Remove. It has been replaced by common/exectool.c. + * g13/Makefile.am (g13_syshelp_SOURCES): Remove sh-exectool.c + * g13/sh-blockdev.c: Include exectool.h. Change sh_exec_tool to + gnupg_exec-tool. + * g13/sh-dmcrypt.c: Ditto. + + common: Make gnupg_exec_tool conform to spec. + + commit d19d6e1856c9a1acbf48e8b2e39b3d9171aa9f7f + * common/exectool.c (gnupg_exec_tool): Allocate extra byte. Allow + zero length read. Append hidden byte. Release memory on error. 
+ + g13: First chunk of code to support dm-crypt. + + commit 81494fd30d3815502247a721f50d9eadf86a73fa + * g13/call-syshelp.c, g13/call-syshelp.h: New. + * g13/g13-syshelp.c, g13/g13-syshelp.h: New. + * g13/sh-cmd.c: New. + * g13/sh-blockdev.c: New. + * g13/sh-exectool.c: New. + * g13/sh-dmcrypt.c: New. + * g13/Makefile.am (sbin_PROGRAMS): Add g13-syshelp.c + (g13_syshelp_SOURCES): New. + (g13_syshelp_LDADD): New. + + * g13/g13.c (opts): Add option --type. + (g13_deinit_default_ctrl): New. + (main): Implement that option. Call g13_deinit_default_ctrl. + * g13/g13.h (struct call_syshelp_s): New declaration. + (server_control_s): Add field syshelp_local. + * g13/keyblob.h (KEYBLOB_TAG_CREATED): New. + (KEYBLOB_TAG_ALGOSTR): New. + (KEYBLOB_TAG_HDRCOPY): New. + * g13/backend.c (be_parse_conttype_name): New. + (be_get_detached_name): Add CONTTYPE_DM_CRYPT. + + tests: Remove some harmless warnings in regression tests. + + commit d711f5c7697cd4bc5dc6d9fd01706cabc771dad2 + * tests/openpgp/gpg-agent.conf.tmpl: Remove --use-standard-socket. + +2016-02-12 Neal H. Walfield <neal@g10code.com> + + common: Change simple_query to ignore status messages. + + commit acac103ba5772ae738ce5409d17feab80596cde6 + * common/simple-pwquery.c (simple_query): Ignore status messages. + +2016-02-12 NIIBE Yutaka <gniibe@fsij.org> + + g10: Make sure to have the directory for trustdb. + + commit d9f9b3be036747c9f55060aed47896f951bfb853 + * g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check + the directory and create it if none before calling take_write_lock. + +2016-02-02 Neal H. Walfield <neal@g10code.com> + + doc: Note that rngd can also be used to quickly generate insecure keys. + + commit 75311cfe18071b94c66121a9785b133b6df345a3 + * doc/gpg-agent.texi (Agent Options): Add comment to the description + of --debug-quick-random that rngd can also be used to quickly generate + key. + +2016-01-27 Werner Koch <wk@gnupg.org> + + scd: Fix size_t/int mismatch in libusb. 
+ + commit 3d952a2fe5da9d84c20d3debdcc1e425b08781c6 + * scd/ccid-driver.c (bulk_in, abort_cmd, ccid_poll): Change msglen to + int. + + scd: Fix detection of libusb. + + commit 1b90b52a56b4f808ad29a7ef79aeafc03c7424b4 + * configure.ac (HAVE_LIBUSB): Clear if no header file was found. + (LIBUSB_LIBS): Ditto. + + dirmngr: Build fix for FreeBSD (EAI macros) + + commit 4d67144142f04184b835e50314eb21b882b9e00a + * dirmngr/dns-stuff.c (map_eai_to_gpg_error): Map EAI_NODATA and + EAI_ADDRFAMILY only if defined. + +2016-01-27 NIIBE Yutaka <gniibe@fsij.org> + + scd: Migrate to new API of libusb 1.0. + + commit d0d97089706286fafd3c8ff56f3b5bf7ac07c6e0 + * configure.ac (LIBUSB_CPPFLAGS): New. + * scd/Makefile.am (AM_CPPFLAGS): Add LIBUSB_CPPFLAGS. + * scd/ccid-driver.c: Use libusb 1.0 API. + +2016-01-26 Werner Koch <wk@gnupg.org> + + Release 2.1.11. + + commit e9e5e83ec14459c2fc9060c54fc8e7381b541acd + + +2016-01-26 Andre Heinecke <aheinecke@intevation.de> + + gpgtar,w32: Fix gpgtar 8 bit encoding handling on W32. + + commit 3e50236d4ecc3601b2641bf4273a0ff64bb5fdc4 + * common/utf8conv.c (wchar_to_utf8): Factor code out to ... + (wchar_to_cp): new. + (utf8_to_wchar): Factor code out to ... + (cp_to_wchar): new. + (wchar_to_native): New. + (native_to_wchar): New. + * tools/gpgtar-create.c (fillup_entry_w32): Use native_to_wchar. + (scan_directory): Use wchar_to_native. + +2016-01-26 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix segfault on unsupported curve. + + commit b8bb16c6c08d3c2947f1ff67419b36eb203c5c1a + * g10/call-agent.c (learn_status_cb): Don't use NULL for strcmp. + + sm: small fix for GCC 6. + + commit d33a34004bef028068538f099c32a0e292a004c3 + * sm/export.c (insert_duptable): Use unsigned 0. + +2016-01-25 Werner Koch <wk@gnupg.org> + Daiki Ueno <ueno@gnu.org> + + gpg: Print PROGRESS status lines during key generation. + + commit fbe1cf67aadc5a33cf815ddbcfc9669e43caa123 + * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using + has_leading_keyword. 
Handle PROGRESS lines. + +2016-01-25 Werner Koch <wk@gnupg.org> + + agent: Send PROGRESS status lines to the client. + + commit ee87c653bf4b495714e8e6b024d0a8ace3a33452 + * agent/gpg-agent.c (struct progress_dispatch_s): New. + (progress_dispatch_list): New. + (main): Register libgcrypt pogress handler. + (agent_libgcrypt_progress_cb): New. + (agent_set_progress_cb): New. + (unregister_progress_cb): New. + (agent_deinit_default_ctrl): Call unregister. + * agent/command.c (progress_cb): New. + (start_command_handler): Register progress callback. + + speedo: Allow use of SHA-256 checksums. + + commit 039a55716b8abd22ce23a96dce34cf2dc4be1862 + * build-aux/getswdb.sh: Add option --find-sha256sum. + * build-aux/speedo.mk (libgpg_error_sha2): New var. Also for all + other packages. + (SHA2SUM): New. + (SETVARS, SETVARS_W64): Prefer sha256sum over sha1sum. + (installer-from-source): Create swdb fragment. + +2016-01-22 Werner Koch <wk@gnupg.org> + + dirmngr: Indicate that serial numbers are hexadecimal. + + commit 12c665b36cdc4b7189549698fc4cc1b3523b18f5 + * dirmngr/misc.c (hexify_data): Add arg with_prefix. Adjust all + callers. + * dirmngr/crlcache.c (cache_isvalid): Print "0x" in front of the S/N. + + dirmngr: Provide the keyserver pool name even if there is no CNAME. + + commit 77bceb2902dd489443073d91836ea54376c60bf6 + * dirmngr/ks-engine-hkp.c (map_host): Fix setting of r_poolname. + +2016-01-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + wk@gnupg.org + + dirmngr: Use sks-keyservers CA by default for the hkps pool. + + commit afb8696126ff0babaab23e884ff5da008281e3b7 + * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem. + * dirmngr/http.c (http_session_new): Add optional arg + intended_hostname and set a default cert. + * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to + http_session_new. + +2016-01-22 Werner Koch <wk@gnupg.org> + + gpg: Allow new user ids with only the mail address. 
+ + commit fc0c71dfe5ea8f1c683101948c23f5d2064ee4cd + * g10/keygen.c (ask_user_id): Allow empty name. + +2016-01-21 Werner Koch <wk@gnupg.org> + + gpg: Improve header text of the auto-created revocations. + + commit bb99b40bd1e624f58ca806ca16dc73d4d594a30a + * g10/revoke.c (gen_standard_revoke): Improve header text for the + file. Add info output. + + gpg: Make --auto-key-retrieve work with dirmngr configured server. + + commit 09117e769a093467cb47154f36d7dda613313e33 + * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional. + * g10/keyserver.c (keyserver_any_configured): New. + (keyserver_put): Remove arg keyserver because this will always receive + opt.keyserver which is anyway used when connecting dirmngr. Do not + check opt.keyserver. + (keyserver_import_cert): Replace opt.keyserver by + keyserver_any_configured. + * g10/mainproc.c (check_sig_and_print): Ditto. + * g10/import.c (revocation_present): Ditto. + * g10/getkey.c (get_pubkey_byname): Ditto. + * g10/gpgv.c (keyserver_any_configured): Add stub. + * g10/test-stubs.c (keyserver_any_configured): Add stub. + +2016-01-20 Werner Koch <wk@gnupg.org> + + gpg: Silence message about ignoring revoked user ids. + + commit bdb61351776c038d668310d9b5e5c32588ef6519 + * g10/trustdb.c (tdb_get_validity_core): Print message only in debug + mode. + + agent: New option --pinentry-timeout. + + commit 499743387f4d07847a2842358bc54f9237e0c2a7 + * agent/gpg-agent.c (oPinentryTimeout): New. + (opts): Add new option. + (parse_rereadable_options): PArse that option. + (main): Tell gpgconf about this option. + * agent/call-pinentry.c (start_pinentry): Send option to Pinentry. + * tools/gpgconf-comp.c (gc_options_gpg_agent): Add Option. + +2016-01-19 Werner Koch <wk@gnupg.org> + + gpg: Streamline use of error messages in tofu.c. + + commit cfa41890bb5ff306c07dad295136601fe47566a7 + * g10/tofu.c: Make use of print_further_info to reduce the number of + different error messages to be translated. 
Also streamline some + messages. + + common: Add substitute code for libgpg-error < 1.22. + + commit 8b7f64f9dfc80b2a0ad235996b47369c2ba9b48f + * common/util.h (GPG_ERR_DB_CORRUPTED): New. + + gpg: Add function print_further_info. + + commit d96e76d15f61812b950b64a60bc47117785a9dac + * g10/misc.c (print_further_info): New. + +2016-01-18 Werner Koch <wk@gnupg.org> + + g10: Improve strings printed by tofu.c. + + commit 79778a8dd5f61a6b7abeeb44b75d82932db788b7 + * g10/tofu.c: Include ttyio.h. Change many strings to help + translating. Make use of ngettext wehere needed. + (CONTROL_L): New. + (TIME_AGO_UNIT_SMALL_NAME): Remove this and all similar *_NAME macros. + (time_ago_unit): Remove. + (get_trust): Use tty_prints and cpr_get only for the actual prompt. + Add Ctrl-L hack. + (show_statistics): Use two English strings for singular and plural. + + * po/POTFILES.in: Add tofu.c. + + gpg: Use "days" in "...newer than..." diagnostics. + + commit 9309bda9581715d304305c8c5116f2cbb31aec77 + * g10/sig-check.c (check_signature_metadata_validity): Use days if + useful. + + Use ngettext for some strings. + + commit 437965e5622612941ed0fa55584811c65069242e + * scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for + some diagnostics. + (do_genkey): Ditto. + * g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto. + * g10/keylist.c (print_signature_stats): Ditto. + * g10/keyserver.c (keyserver_refresh): Ditto. + * g10/sig-check.c (check_signature_metadata_validity): Ditto. + * g10/sign.c (do_sign): Ditto. + * g10/trustdb.c (reset_trust_records): Ditto. + (validate_keys): Use a table like diagnostic output. + +2016-01-15 Werner Koch <wk@gnupg.org> + + kbx,w32: Use shorter retry intervals for keybox_file_rename. + + commit 3cccd5a83b96e4558642dcdf5d974f64ebdb9817 + * kbx/keybox-util.c (keybox_file_rename): Restart retry intervals + after 800ms. + +2016-01-14 Werner Koch <wk@gnupg.org> + + w32: Fix deadlock introduced by keybox_file_rename. 
+ + commit 663c5d129a8f400cc6eb8ab7b91772d6e578152d + * g10/keyring.c (keyring_lock) [W32]: Flush the close cache before + locking. + * kbx/keybox-init.c (keybox_lock) [W32]: Close the file before + locking. + + gpg: Detect race between pubring.gpg and pubring.kbx use. + + commit 3b1248e007a6bf830a3230ee2d9cc548205ec31a + * g10/keydb.c (maybe_create_keyring_or_box): Detect race condition. + + kbx: New function keybox_file_rename to replace rename. + + commit 8241ed59d05e06252647b26477ed5c2f84895a26 + * kbx/keybox-util.c: Include windows.h. + (keybox_file_rename): New. + * kbx/keybox-update.c (rename_tmp_file): Replace remove+rename by + keybox_file_rename. + * g10/keyring.c (rename_tmp_file): Ditto. + + kbx: Add function keybox_tmp_names to avoid code duplication. + + commit f5cceef115f0307664956d01c48b1b397fdad4b3 + * kbx/keybox-update.c (create_tmp_file): Move some code to... + * kbx/keybox-util.c (keybox_tmp_names): new. + * g10/keyring.c: Include keybox.h. + (create_tmp_file): Replace parts by keybox_tmp_names. + + gpg: Make --list-options show-usage the default. + + commit 360534bde770f4845669de223154216d249b954b + * g10/gpg.c (main): Add LIST_SHOW_USAGE. + +2016-01-13 Werner Koch <wk@gnupg.org> + + kbx: Change return type of search functions to gpg_error_t. + + commit c7ca0f73dbe7c080b79f93f90f00ba2396fc4bd0 + * kbx/keybox-search.c (keybox_search_reset): Change return type to + gpg_error_t. + (keybox_search): Ditto. Also handle GPG_ERR_EOF. + * sm/keydb.c (keydb_search_reset): Ditto. + + gpg: Improve error code from lock_all. + + commit 9b6c91469a804c60289a2ed21334dfd856c294bb + * g10/keydb.c (lock_all): Do not clobber RC during failur cleanup. + + kbx: Improve and fix keybox_lock. + + commit 8f1368d5e3f7654ad9cb100053535f728dff2344 + * kbx/keybox-init.c (keybox_lock): Make sure ERR is initialized. Get + error codes from dotlock functions. + + common: Make sure dotlock functions set a proper ERRNO. 
+ + commit 4aceebf36f103eb380e21d12a1f08b7d6ea7cc8e + * common/dotlock.c (map_w32_to_errno): New. + (read_lockfile): Return a proper ERRNO. + (dotlock_create_unix): Do not let log functions clobber ERRNO. + (dotlock_take_unix): Ditto. + (dotlock_release_unix): Ditto. + (dotlock_create_w32): Set proper ERRNO. + (dotlock_take_w32): Ditto. + (dotlock_release_w32): Ditto. + + kbx: Implement keybox_lock for use by gpg. + + commit 160862978628b07ed5150ec2c8abad6af1656bc3 + * kbx/keybox-defs.h: Include dotlock.h and logging.h. + (CONST_KB_NAME): Remove. Replace usage by KB_NAME. + (struct keybox_name): Add field "lockhd". + * kbx/keybox-init.c (keybox_register_file): Init LOCKHD. + (keybox_lock): Chnage to return gpg_error_t. Implement locking. + + gpg: Make sure to mark a duplicate registered keybox as primary. + + commit 9dc355ad3ae0026ab04c424dc984d748b8fad393 + * kbx/keybox-init.c (keybox_register_file): Change interface to return + the token even if the file has already been registered. + * g10/keydb.c (primary_keyring): Rename to primary_keydb. + (maybe_create_keyring_or_box): Change return type to gpg_error_t. + (keydb_add_resource): Ditto. s/rc/err/. + (keydb_add_resource): Mark an already registered as primary. + * sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t. + (keydb_add_resource): Ditto. s/rc/err/. + (keydb_add_resource): Adjust for changed keybox_register_file. + +2016-01-13 NIIBE Yutaka <gniibe@fsij.org> + + Fix to support git worktree. + + commit 96237b9a63a50aed1884cb06f84279b977d6a8fa + * autogen.sh, Makefile.am, doc/Makefile.am: Use -e for testing .git. + +2016-01-12 Werner Koch <wk@gnupg.org> + + ssh: Accept OpenSSH *cert-v01 key variants. + + commit e2f984b4afffaa89bdeba2f5d447b5681237177e + * agent/command-ssh.c (SPEC_FLAG_WITH_CERT): New. + (ssh_key_types): Add OpenSSH cert types. + (stream_read_string): Allow a dummy read. + (ssh_receive_mpint_list): Pass SPEC by reference. + (ssh_receive_mpint_list): New arg CERT and use it. 
+ (ssh_receive_key): Read certificate into an estream object and modify + parser to make use of that object. + +2016-01-12 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix iobuf API of filter function for alignment. + + commit 4b4639b0b04dc82c550fa711dd7193e13fc4a428 + * common/iobuf.h: Fix comment. + + common: Fix iobuf API of filter function for alignment. + + commit 3f52c7da3940ec06572270d511000dc7fe9c27d2 + * common/iobuf.h (IOBUFCTRL_DESC): Change the call semantics. + * common/iobuf.c (iobuf_desc): Add the second argument DESC. + (print_chain, iobuf_close, do_open, iobuf_sockopen, iobuf_ioctl) + (iobuf_push_filter2, pop_filter, iobuf_write_temp): Change calls + of iobuf_desc. + (file_filter, file_es_filter, sock_filter, block_filter): Fill the + description. + * common/t-iobuf.c (every_other_filter, double_filter): Likewise. + * g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c, + g10/decrypt-data.c, g10/encrypt.c, g10/mdfilter.c, g10/progress.c, + g10/textfilter.c: Likewise. + +2016-01-11 Werner Koch <wk@gnupg.org> + + gpg: Fix NULL de-ref for ambiguous key check in --export-ssh-keys. + + commit b280aa6423c9492e8c5a9afa57339d06d957996d + * g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL. + +2016-01-09 Werner Koch <wk@gnupg.org> + + tools: Remove gpgkey2ssh. + + commit eb9c021631174fde4c1c444bbc533a7a46d570cd + * tools/gpgkey2ssh.c: Remove. + * tools/Makefile.am (bin_PROGRAMS): Ditto. + +2016-01-08 Werner Koch <wk@gnupg.org> + + gpg: Support ECDSA keys with --export-ssh-key. + + commit b2da3951a395366bf1644bc4c4eb42d657effe17 + * g10/export.c (key_to_sshblob): Add hack for ECDSA. + + gpg: New command --export-ssh-key. + + commit 4970868d8d84d3a64b067e5aafc9f097621758d3 + * g10/export.c: Include membuf.h and host2net.h. + (key_to_sshblob): New. + (export_ssh_key): New. + * g10/gpg.c (aExportSshKey): New. + (opts): Add command. + (main): Implement that command. + + gpg: Add an exact search flag to the PK struct. 
+ + commit 34bca9cd4b8517795833cb754b0d5b1dd33b08ed + * g10/getkey.c (merge_selfsigs_subkey): Clear exact flag. + (finish_lookup): Set exact flag. + * g10/packet.h (PKT_public_key): Add field flags.exact. + + Print warnings if old daemon versions are used. + + commit 2aa42baaf3dd7c3ae613ae0c61760a17c8adfcd0 + * common/status.h (STATUS_WARNING): New. + * g10/call-agent.c (warn_version_mismatch): New. + (start_agent): Call warn function. + * g10/call-dirmngr.c: Include status.h. + (warn_version_mismatch): New. + (create_context): Call warn function. + * sm/call-agent.c (warn_version_mismatch): New. + (start_agent): Call warn function. + (gpgsm_agent_learn): Call warn function. + * sm/call-dirmngr.c (warn_version_mismatch): New. + (prepare_dirmngr): Call warn function. + + common: New function compare_version_strings. + + commit 4d7ac43ff71fdadfd2e04621f74840a82fbe788a + * common/stringhelp.c (parse_version_number): New. + (parse_version_string): New. + (compare_version_strings): New. + * common/t-stringhelp.c (test_compare_version_strings): New. + (main): Call test. Return ERRCOUNT instead of 0. + + common: New function get_assuan_server_version. + + commit 496643291e1e346434e9c98405c5a370957eb7d3 + * common/asshelp.c: Include membuf.h. + (get_assuan_server_version): New. + * g10/call-agent.c (agent_get_version): Use new function. + + common: New put_membuf_cb to replace static membuf_data_cb. + + commit 833ba5faa1340aff80a205acbb701d4ae1d594d0 + * common/membuf.c (put_membuf_cb): New. + * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use + put_membuf_cb. + * common/get-passphrase.c (membuf_data_cb): Ditto. + * g10/call-agent.c (membuf_data_cb): Ditto. + * sm/call-agent.c (membuf_data_cb): Ditto. + +2016-01-07 Werner Koch <wk@gnupg.org> + + gpg: Return an error code from keygrip_from_pk. + + commit 8fd406c317ad7c2e375ae4f7d20656dadf6d7fcc + * g10/keyid.c (keygrip_from_pk): Return an error code. + + gpg: Avoid warnings about possible NULL deref. 
+ + commit 8a56a38387c10c02ba0790c655dd5c1d08e4a724 + * g10/getkey.c (cache_public_key): Protect deref of CE which actually + can't happen. + * g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/. + * g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for + DB. + * g10/trustdb.c (update_min_ownertrust): Remove useless clearling of + ERR. + + gpg: Fix warnings about useless assignments. + + commit 008aa6e6d4b213c3a0d15509eb46cf168b6f2c94 + * g10/armor.c (parse_hash_header): Remove duplicate var assignment. + * g10/getkey.c (cache_user_id): Ditto. + * g10/keygen.c (ask_curve): Ditto. This also fixes a small memory + leak. + + * g10/keygen.c (proc_parameter_file): Remove useless assignment or + pointer increment. + (generate_keypair): Ditto. + * g10/getkey.c (finish_lookup, lookup): Ditto. + * g10/card-util.c (change_pin): Ditto. + * g10/gpg.c (main) <aVerify>: Ditto. + * g10/import.c (import): Ditto. + (print_import_check): Ditto + * g10/keyring.c (do_copy): Ditto. + * g10/tdbio.c (tdbio_read_record): Ditto. + * g10/trustdb.c (tdb_update_ownertrust): Ditto. + (update_validity): Ditto. + + * g10/server.c (cmd_passwd): Remove useless call to skip_options. + + sm: Avoid warnings about useless assignments. + + commit 126aebbb82667d160c8c4435898efeb3b43c4ec8 + * sm/call-dirmngr.c (prepare_dirmngr): Remove setting of ERR. + (unhexify_fpr): Remove useless computation on N. + * sm/certchain.c (do_validate_chain): Remove clearing of RC. Remove + useless setting of RC. + * sm/fingerprint.c (gpgsm_get_keygrip): Remove setting of RC. + * sm/gpgsm.c (build_list): Replace final stpcpy by strcpy. + * sm/keydb.c (keydb_clear_some_cert_flags): Remove clearing of RC. + * sm/server.c (cmd_getauditlog): Comment unused skip_options. + + kbx: Avoid warnings about useless assignments. + + commit 0de7d61437bd0bfbe645d5eed7a62df03129fb32 + * kbx/keybox-dump.c (_keybox_dump_blob): Remove setting of IN_RANGE + and the last increment of P. 
+ + gpg: Fix DNS cert lookup returning an URL. + + commit a41638acf4808caa619f4f3f4c0dcd12be00d6f8 + * g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL + param. The old code was entirely buggy (c+p error). + +2016-01-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + Fix keystrlen to work when OPT.KEYID_FORMAT is KF_DEFAULT. + + commit 2c3e67430d9b523c85c81ae562223fd51e3608cc + * g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset, + default to KF_SHORT. + (format_keyid): Default to KF_SHORT, not KF_0xLONG. + +2016-01-06 Werner Koch <wk@gnupg.org> + + gpg: Silence some regression tests. + + commit c7389ae90fa4a70766400cc241ff6a45aa750324 + * g10/test.c (TEST): Print diagnostics only in verbose mode. + + gpg: Avoid using an uninitialized SALT on premature EOF. + + commit 85cc7449fb00ac85b0c2eecd22bd38b23f33edf5 + * g10/parse-packet.c (parse_key): Check for premature end of salt. + + gpg: Silence warnings found by static analyzer. + + commit 09accc0e3d74e6289bed40b5bfc6479981cabfe4 + * g10/keyedit.c (change_passphrase): Remove useless init of ANY. + (keyedit_quick_adduid): Remove useless setting of ERR. + * g10/parse-packet.c (parse_key): Remove PKTLEN from condition because + it has been checked before the loop. + (parse_plaintext): Remove useless init of PKTLEN. + + kbx: Avoid faulty fclose in an error case. + + commit db82b6131d437bf6ba34db0e08b7dfa9edb11e45 + * kbx/keybox-update.c (blob_filecopy): Do not close an uninitialized + file pointer after a failure to create a temp file. + * kbx/keybox-openpgp.c (next_packet): Remove duplicate assignment of + PKTLEN. + + dirmngr: Silence one regression test. + + commit 6deafb92abe100ff67e3a0a230a39e8c0ad41900 + * dirmngr/t-dns-stuff.c (main): Do not print info during standard + "make check". + + common: Avoid warnings about useless assignments. + + commit e64317c15e9960f3173d374e589f7c3565a4ad08 + * common/b64enc.c (b64enc_finish): Remove var assignment which is not + used later. 
+ * common/iobuf.c (file_filter): Ditto. + * common/tlv.c (do_find_tlv): Ditto. + * common/userids.c (classify_user_id): Ditto. + + tests: Use info and error instead of a plain echo. + + commit 1fbfa1bf0a6ad0dc7ed67d12252643c2c6c7370a + * tests/openpgp/4gb-packet.test: Use error and info. + + common: Do not deref vars in tests after a fail(). + + commit 0a00115ee2049ab2357b7a14a51c7da185ffcabd + * common/t-convert.c (test_bin2hex): Turn if conditions into if-else + chains to avoid accessing unchecked data. + (test_bin2hexcolon): Ditto. + * common/t-mapstrings.c (test_map_static_macro_string): Ditto. + * common/t-stringhelp.c (test_percent_escape): Ditto. + (test_make_filename_try): Ditto. + (test_make_absfilename_try): Ditto. + * common/t-timestuff.c (test_timegm): Ditto. + +2016-01-05 Werner Koch <wk@gnupg.org> + + gpg: Align notes about minimal keysize with actual checks. + + commit e70f7a54f29d727def2cfe9ea5ab9d461b4ce842 + * g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in + export mode. Improve readability. + +2016-01-05 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix RSA verification for card. + + commit ff3b607fc879b70665c187500022cc63e2a0cd86 + * agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead + of shadowed key. + +2016-01-04 Neal H. Walfield <neal@g10code.com> + + gpg: Fix double free. + + commit 575c15a090913d86cf8d75b2bc4471e371f234b9 + * g10/getkey.c (get_pubkeys): Fix double free. + +2015-12-24 NIIBE Yutaka <gniibe@fsij.org> + + agent: IMPORT_KEY with --force option fix. + + commit 79b51bb8727bd3485229ac8ff5987558156d5d83 + * agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not + to check existing key. + (convert_from_openpgp): Ditto. + (convert_from_openpgp_native): Call convert_from_openpgp_main with + dontcare_exist=0. + * agent/command.c (cmd_import_key): Call with dontcare_exist=force. + + g10: Use --force when importing key for bkuptocard. 
+ + commit 5ca57f1a697e875bae5a5c73f1a580c42ca75343 + * g10/call-agent.c (agent_import_key): Add an argument FORCE. + * g10/import.c (transfer_secret_keys): Likewise. + (import_secret_one): Call transfer_secret_keys with FORCE=0. + * g10/keyedit.c (keyedit_menu): Call with FORCE=1. + + g10: Remove subcommand checkbkupkey for --key-edit. + + commit 44aee35e69540510617aea4b886ef845590960fe + * g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support. + + g10: Allow relative path for specifying the file for bkuptocard. + + commit ee433d2b00c93b5a4e4ed54b9fb5806361df1b71 + * g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME. + Also support tilda expansion. + + g10: fix regression of bkuptocard subcommand in --edit-key. + + commit 40959add1ba0efc1f4aa87fa075fa42423eff73c + * g10/keyedit.c (keyedit_menu): Call transfer_secret_keys. + * g10/import.c (transfer_secret_keys): Make it global function. + Allow stats==NULL. + + agent: Support --force option for IMPORT_KEY. + + commit e684c634df814b12d399dcdc375c35d3e9a137af + * agent/command.c (cmd_keywrap_key): New option --force. + +2015-12-23 Werner Koch <wk@gnupg.org> + + gpg: Rename struct pubkey to pukey_s and add pubkey_t. + + commit a9cbdcfd9c364557787f4a173cc59f14c067946e + * g10/keydb.h (struct pubkey): Rename to pubkey_s. + (pubkey_t): New. Change all struct pubkey_s to use this type. + * g10/getkey.c (get_pubkeys): Rename arg keys to r_keys. + + gpg: Simplify status message code from commit b30c15bf. + + commit 363ed2e892adc97fae97111bb56b64f9f809e8d5 + * g10/keygen.c (card_write_key_to_backup_file): Simplify by using + hexfingerprint. + + gpg: Add standard free() semantic to pubkey_free. + + commit 04c9cddda95f2a8ca5c0cf10bb3dd6accf56cf45 + * g10/getkey.c (pubkey_free): Check for NULL arg. + + gpg: Fix use of assert from commit dc417bf0. + + commit ef7b7e91600f35b4d682a6267001a8d30f0fa49f + * g10/keydb.c (keydb_update_keyblock): De-ref after the assert. Use + %zu for size_t. 
+ + gpg: Do not translate debug output. + + commit b0c9867fb74d5a00335e6606d5bdcc5342ce26cd + * g10/getkey.c (parse_def_secret_key): Do not make strings passed to + log_debug translatable. + +2015-12-23 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix commit b30c15bf (again). + + commit aecf1a3c57ca8bf8050a3743b62fe142ccf9eb22 + * g10/keygen.c (do_generate_keypair): Clear the variable S. + +2015-12-22 Neal H. Walfield <neal@g10code.com> + + gpg: Fix type. + + commit 5c759924fb92b6de7ab3baed7871e5114ebd2505 + * g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t. + + gpg: Fix error message. + + commit 4654384fe7a4dcee113dacf27c398b13dea5d0be + * g10/getkey.c (parse_def_secret_key): Fix error message. + + gpg: Don't check for ambiguous keys. + + commit 7195b94345b0bb937477dc47fc5ec27fb108a099 + * g10/gpg.c (struct result): Move from here... + * g10/keydb.h (struct pubkey): ... to here. Update users. + * g10/gpg.c (check_user_ids): Move from here... + * g10/getkey.c (get_pubkeys): ... to here. Update users. Use + get_pubkey_byname to look up the keys (this also prunes invalid keys). + (pubkey_free): New function. + (pubkeys_free): New function. + * g10/gpg.c (main): Don't check for ambiguous key specifications. + + gpg: Lazily evaluate --default-key. + + commit dc52995d85048ed12ae8b9f330e9ca41a4030aae + * g10/gpg.c (main): If --encrypt-to-default-key is specified, don't + add --default-key's value to REMUSR here... + * g10/pkclist.c (build_pk_list): ... do it here. + * tests/openpgp/Makefile.am (TESTS): Add default-key.test. + * tests/openpgp/default-key.test: New file. + + gpg: Remove unused parameter. + + commit ffe0b7a6dd6bfaec62f81f511b3caf08978bb269 + * g10/pkclist.c (build_pk_list): Remove parameter use, which is always + called set to PUBKEY_USAGE_ENC. Update callers. + + gpg: Improve check for ambiguous keys. 
+ + commit 4103850c2e51274984f69443dee34295cbb8c282 + * g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore + encryption-only keys when a signing key is needed and vice-versa. + + gpg: Fix TOCTTOU when updating keyblocks. + + commit dc417bf0c555a7416d0aedde6645fd1087660f92 + * g10/keydb.c (keydb_update_keyblock): Don't replace the record at the + current offset. After taking the lock, extract the fingerprint from + the keyblock, find it and then replace it. + + Only add the user supplied CFLAGS after running any autoconf tests. + + commit 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8 + * configure.ac: Only add the user supplied CFLAGS after running any + autoconf tests. + + gpg: Suppress a warning. + + commit 1cceba163b17b5e9fd7c89e5b40e3d7e1cffc885 + * dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to + avoid a warning when ADNS is not available. + + gpg: Remove dead code. + + commit 4143cc1c3783c54a6f733f08a4739e4e5fb0c8b3 + * kbx/keybox-defs.h (struct keybox_found_s): Remove unused fields + offset and n_packets. + + gpg: Display the key that is invalid, not the search description. + + commit 7fe4be0416cdc9269011bc4213b8a22d6ced295c + * g10/getkey.c (parse_def_secret_key): Display the key that is + invalid, not the search description. + + gpg: Mark more options as coming from the config file (when this holds) + + commit 478ca6c75bbf529f95974224dfb7d71bd5860a96 + * g10/gpg.c (main): When --default-key or --encrypt-to-default-key is + taken from the config file, note this. + + gpg: Use enums instead of defines. + + commit ee8a8ec1cf4605e5af427f9c8b01b3609c82cbe7 + * g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum. + (PK_LIST_HIDDEN): Likewise. + (PK_LIST_CONFIG): Likewise. + (PK_LIST_SHIFT): Likewise.n + +2015-12-21 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit d8392299f311f8cfcf8bc02679dd3ae7ef8cc6d7 + + + g10: clean up of headers for card. 
+ + commit ab9a9bce77d014159c68460f5a7c263fb72f3c1c + * g10/main.h (save_unprotected_key_to_card): Remove. + * g10/options.h (ctapi_driver, pcsc_driver, disable_ccid): Remove. + +2015-12-21 Werner Koch <wk@gnupg.org> + + common: New file fwddecl.h. + + commit 98f9e14323bf806f674b3cc259e19ef6219b4378 + * common/util.h (server_control_s, ctrl_t): Move to ... + * common/fwddecl.h: New file. + * common/call-gpg.h: Replace typedef by fwddecl.h. Change include + protection macro name. + * common/Makefile.am (common_sources): Add fwddecl.h. + +2015-12-18 Werner Koch <wk@gnupg.org> + + build: Add required macro for pkg-config. + + commit af142854a73567836a0ca44ad62900469c23d531 + * configure.ac (PKG_PROG_PKG_CONFIG): New. + +2015-12-18 NIIBE Yutaka <gniibe@fsij.org> + + g10: Remove deprecated internal functions. + + commit 72eaff1aa610f3c89a755f212760157e1932d847 + * g10/keygen.c (do_ask_passphrase, generate_raw_key) + (gen_card_key_with_backup, save_unprotected_key_to_card): Remove. + + g10: Fix a regression for generating card key with backup. + + commit b30c15bf7c5336c4abb1f9dcd974cd77ba6c61a7 + * g10/main.h (receive_seckey_from_agent): Declare. + * g10/keygen.c (card_write_key_to_backup_file): New. + (card_store_key_with_backup): New. + (do_generate_keypair): Create a key on host for encryption key when + backup is requested. Then, call card_store_key_with_backup. + +2015-12-17 NIIBE Yutaka <gniibe@fsij.org> + + g10: factor out a function for secret key retrieval. + + commit e644aa7f5943174e3f7ba9408af71531fd125a0b + * g10/export.c (receive_seckey_from_agent): New. + (do_export_stream): Use it. + +2015-12-16 Neal H. Walfield <neal@g10code.com> + + gpg: When checking for ambiguous keys, ignore invalid keys. + + commit fc010b6c7fe14e609734e448775fa384421bdef1 + * g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore + disabled, revoked and expired keys (if appropriate for the provided + option). 
+ +2015-12-15 Werner Koch <wk@gnupg.org> + + common: Use default_errsource for call-gpg and exectool. + + commit 4ffe44c5874ed655d82adfa7a85439fab91cde03 + * common/call-gpg.c (my_error_from_syserror, my_error_from_errno): New. + Use these wrappers. + * common/exectool.c (my_error_from_syserror): New. Use these + wrappers. + + gpg: Reduce number of strings to translate. + + commit 345ec7323d643528d2f904765708b5ecfe51f57b + * g10/getkey.c (parse_def_secret_key): Do not make debug messages + translatable. Make use of print_reported_error. + + gpg: New function to printed a detailed error code. + + commit 2ea1aebc924c3f0b2269f83cb1b80c75d9fa069c + * g10/misc.c (print_reported_error): New. + +2015-12-15 Neal H. Walfield <neal@g10code.com> + + gpg: Improve the keyblock cache's transparency. + + commit f369efd6712148dc7ed40dba6d1ff5b0e169431a + * kbx/keybox-search.c (keybox_seek): New function. + * g10/keydb.c (keydb_search): When reading from the cache, seek to + just after the cached record. + + gpg: Improve the keyblock cache's transparency. + + commit 2e4e10c1dcd8dfeafec51f44ebf26acfeb770c41 + * kbx/keybox-search.c (keybox_offset): New function. + * g10/keydb.c (struct keyblock_cache): Add fields resource and offset. + (keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and + HD->KEYBLOCK_CACHE.OFFSET. + (keydb_search): Don't use the cached result if it comes before the + current file position. When caching an entry, also record the + position at which it was found. + + gpg: Use more descriptive names. + + commit 0ea186db645da2b51a7e71f46793d447f2de5e3d + * g10/keyring.c (KR_NAME): Rename this... + (KR_RESOURCE): ... to this. Update users. + (struct keyring_name): Rename this... + (struct keyring_resource): ... to this. Update users. + (struct off_item): Rename this... + (struct key_present): ... to this. Update users. + (OffsetHashTable): Rename this... + (key_present_hash_t): ... to this. Update users. + (kr_offtbl): Rename this... + (key_present_hash): ... 
to this. Update users. + (kr_offtbl_ready): Rename this... + (key_present_hash_ready): ... to this. Update users. + (KEY_PRESENT_HASH_BUCKETS): New define. Replace use of literals + with this. + (new_offset_item): Rename this... + (key_present_value_new): ... to this. Update users. + (release_offset_items): Drop dead code. + (new_offset_hash_table): Rename this... + (key_present_hash_new): ... to this. Update users. + (release_offset_hash_table): Drop dead code. + (lookup_offset_hash_table): Rename this... + (key_present_hash_lookup): ... to this. Update users. + (update_offset_hash_table): Rename this... + (key_present_hash_update): ... to this. Drop unused parameter off. + Update users. + (update_offset_hash_table_from_kb): Rename this... + (key_present_hash_update_from_kb): ... to this. Drop unused parameter + off. Update users. + +2015-12-15 NIIBE Yutaka <gniibe@fsij.org> + + sm: Handle gcry_pk_encrypt return value. + + commit 4ee881bff4c8fdfa4b3b7a4b7afab611471e97f1 + * sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt. + +2015-12-14 Werner Koch <wk@gnupg.org> + + common: Change license of isascii.c to all-premissive, + + commit 7baca033070e7811f75e2021100adf8e6a48907f + * common/isascii.c: Change. + + common: Change license of some modules to LGPLv3+/GPLv2+. + + commit 7d129a7391115ff1d6a3541078a37a630ab7819f + * common/status.c: Change from GPLv3 to LGPLv3+/GPLv2+. + * common/status.h: Ditto. + * common/yesno.c: Ditto. + * common/common-defs.h: Ditto. + * common/gettime.h: Ditto. + * common/keyserver.h: Ditto. + + common: Change license for exectool to LGPLv3+/GPLv2+. + + commit 467e18b74b4790dcbdf3c816206d2fbaf170a12a + * common/exectool.c, common/exectool.h: Change license. + + common: Rename sh-exectool to exectool. + + commit d80e1bc430bf64debdb6b08f0b7e5c42836781fa + * common/sh-exectool.c: Rename to exectool.c. + * common/sh-exectool.h: Rename to exectool.h. + * common/Makefile.am (common_sources): Adjust for rename. 
+ * common/exectool.c (sh_exec_tool_stream): Rename to + gnupg_exec-tool-stream. + (sh_exec_tool): Rename to gnupg_exec_tool. + * tools/gpgtar-create.c (gpgtar_create): Adjust for changes. + * tools/gpgtar-extract.c: Adjust for changes. + * tools/gpgtar-list.c: Adjust for changes. + +2015-12-14 Damien Goutte-Gattat <dgouttegattat@incenp.org> + + gpg: Print ownertrust in TOFU+PGP trust model. + + commit f5aa51aaacfe13ab9528aa9b88d8ce8eb61362fc + * g10/keyedit.c: Print ownertrust in TOFU+PGP trust model. + +2015-12-14 Neal H. Walfield <neal@g10code.com> + + gpg: Fix --default-key checks. + + commit e573e6188dada4d70f6897aa2fda3c3af8c50441 + * g10/getkey.c (parse_def_secret_key): Don't just check if a secret + key is available for the public key, also consider subkeys. Also + check that the key has the signing capability, is not revoked, is not + expired and is not disabled. Print a warning if there was a least one + value passed to --default-key and all were ignored. + +2015-12-14 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix regression for generating RSA keys on card. + + commit d40975cbe8ff86fcc4a1b4963fdffc66ddee85ce + * scd/app-openpgp.c (do_genkey): Strip leading zeros for fingerprint + computation. + +2015-12-12 Werner Koch <wk@gnupg.org> + + gpg: Use a regular type instead of a void* for import stats. + + commit 4d3395ef1fcde0b8c454c09956863959d590ede6 + * g10/import.c (struct stats_s): Rename to import_stats_s. Change all + users. + * g10/main.h (import_stats_t): New. Change fucntions to use this + instead of a void pointer. + + Remove replacements for libgpg-error < 1.21. + + commit f0ae40b0c901e5f5c04c6ed5b2ab96ab7340b2bd + * common/util.h: Remove replacement macros for libgpg-error<1.21. + * common/types.h: Ditto. + * common/mischelp.h: Ditto. + * common/t-mapstrings.c: Include t-support.h before stringhelp.h + * common/t-stringhelp.c: Ditto. + * common/t-support.h: Always include gpg-error.h. 
+ * kbx/keybox-search.c: Do not include stringhelp.h so that keybox-defs + comes first. + +2015-12-11 Neal H. Walfield <neal@g10code.com> + + gpg: Fix buffer overflow. + + commit 1605e34fc365edd473aac15c9b4e5aadc1d95cf5 + * g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow. + +2015-12-11 Justus Winter <justus@g10code.com> + + agent: Improve error handling. + + commit 25f0f053cd306200a6211b5cf397838a59835ee7 + * agent/pksign.c (agent_pksign_do): Improve error handling. + + Fix required libgpg-error version. + + commit d6e01493cad6ff32f356185c7a2d2b5c2b86a937 + * configure.ac (NEED_GPG_ERROR_VERSION): We need version 1.21 for the + poll interface. + +2015-12-11 Neal H. Walfield <neal@g10code.com> + + gpg: Don't error out if a key occurs multiple times in the keyring. + + commit 6dc37c5fb60acbfd5ba2ab979852383eac8944e0 + * g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple + times in the keyring. Instead, print a warning. When printing out + fingerprint prints, use format_hexfingerprint to format them. + +2015-12-10 Daniel Hoffend <dh@dotlan.net> + + scd: Fix removal of unplugged usb readers on Windows. + + commit d1a97585c5e73fbc7d4cf90e38f76ffc5aea305f + * scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and + PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code. + +2015-12-07 Justus Winter <justus@g10code.com> + + tests: Add some more gpgtar tests. + + commit 1c8eae95a8b3b89bc0f49cb5f4938101634583dc + * tests/openpgp/gpgtar.test: Add more tests. + + dirmngr: Initialize http status code. + + commit 71726b627dcff015dc12568021b31d8ccede788a + * dirmngr/ks-action.c (ks_action_search): Initialize 'http_status' as + it is unused if LDAP is used to search for keys. + +2015-12-04 Daiki Ueno <ueno@gnu.org> + + gpg: Write ERROR status on delete-key cancellation. 
+ + commit b5cd68852d0e3485c9e13a8ddb70f05f36a65cb9 + * g10/delkey.c (do_delete_key): Write ERROR status code with the error + location "delete_key.secret", when the user cancelled the operation on + Pinentry. + +2015-12-04 Justus Winter <justus@g10code.com> + + dirmngr: Stricter handling of http error codes. + + commit 6d64ef869dfbcb7aaa802b80ed648393147e40d8 + * dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver + responded with a '404 Not Found'. + * dirmngr/ks-engine-hkp.c (send_request): Return http status code. + (ks_hkp_search): Likewise. + (ks_hkp_{get,put}): Adapt call to 'send_request'. + * dirmngr/ks-engine.h (ks_hkp_search): Update prototype. + + dirmngr: Really search all keyservers for patterns. + + commit 6ac57a482f7ae02db1bee4e4b861288fc6905adc + * dirmngr/ks-action.c (ks_action_search): Search all configured + keyservers for the given patterns. + + dirmngr: Handle http status '501 Not Implemented'. + + commit a8308ba5231682ce7c7d591a17e7e940fbd63189 + * dirmngr/ks-engine-hkp.c (send_request): Handle status 501 and return + GPG_ERR_NOT_IMPLEMENTED. + + tools/gpgtar: Implement symmetric encryption. + + commit 582e684a48eb4f3716cecf7dc73eb93046efcfad + * tests/openpgp/gpgtar.test: Add test case. + * tools/gpgtar-create.c (gpgtar_create): Pass '--symmetric' flag to + gpg. + * tools/gpgtar.c (parse_arguments): We do handle the argument now. + + tools/gpgtar: Implement signing. + + commit 45c814f348c89acd8d21d0607ffcf68e5c5c399e + * tests/openpgp/gpgtar.test: Test signing. + * tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the + appropriate gpg arguments to implement signing and selecting the local + user. + * tools/gpgtar.c (parse_options): We do handle '--local-user' now. + (main): Handle signing, encrypting, and doing both when creating an + archive. + * tools/gpgtar.h (gpgtar_create): Update prototype. + + tools/gpgtar: Use the new exectool helper. 
+ + commit 0c0dafd8e89bb702e856c661c1561e10cdcaf37f + * tools/Makefile.am: gpgtar now requires neither npth nor libassuan. + * tools/gpgtar-create.c (gpgtar_create): Use the new 'sh-exectool' + helper. + * tools/gpgtar-extract.c (gpgtar_extract): Likewise. + * tools/gpgtar-list.c (gpgtar_list): Likewise. + * tools/gpgtar.c (main): Set default gpg program. Drop the + initialization of npth and libassuan. + + common: Add a stream interface to 'sh-exectool'. + + commit a81aca6e1c2a4529d416d1989f15d7338d2ee81e + * common/sh-exectool.c (struct copy_buffer): Add infrastructure for + copying between streams. + (copy_buffer_{init,shred,do_copy,flush}): New functions. + (sh_exec_tool_stream): Rework 'sh_exec_tool' to operate on streams. + (nop_free): New function. + (sh_exec_tool): Express this in terms of 'sh_exec_tool_stream'. + * common/sh-exectool.h (sh_exec_tool_stream): New prototype. + + common: Add header file and build the new code. + + commit d955cb5e0700c6d2b6b26cb210b5a176d22d4235 + * common/Makefile.am (common_sources): Add new files. + * common/sh-exectool.h: New file. + +2015-12-04 Werner Koch <wk@gnupg.org> + + common: Add code to execute a helper. + + commit 2ae07f826aa551db8adf714158fce962790a6b54 + * common/sh-exectool.c: New file. + + Release 2.1.10. + + commit 9fadfdb3109f7ea42aaaa9d745b64c6c90cb8233 + + +2015-12-04 NIIBE Yutaka <gniibe@fsij.org> + + po: Japanese translation. + + commit 762fcc027b0b4cc88c1f633804de619273d6a8b9 + + +2015-12-04 Werner Koch <wk@gnupg.org> + + speedo,w32: Improve installer. + + commit 0fe3614d9afe42ecf80bbc932366ceeaba0a0ecc + * build-aux/speedo/w32/inst.nsi (SEC_gnupg): Install dirmngr.conf and + distsigkey.gpg. + (un.gnupglast): Stop dirmngr. + + gpg: Do not pre-check keys given on the command line. + + commit 28311d1fa56bfbd801103a8475597459132874f4 + * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG) + (PK_LIST_SHIFT): New. + * g10/pkclist.c (build_pk_list): Use them here. 
+ * g10/gpg.c (check_user_ids, main): Ditto. + + * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR. + (check_user_ids): Skip check for command line specified options. + + dirmngr: Add command to print the resolver version. + + commit 4ff2cae7dee36ffee854c5f05c3e8ee9eb0308dd + * dirmngr/server.c (cmd_getinfo): Add sub-command "dnsinfo". + + gpg: Allow "help" as value for --tofu-policy. + + commit 59f6192cb766612ad215bc6a3af13d5b137139e4 + * g10/gpg.c (parse_tofu_policy): Add keyword "help". + (parse_tofu_db_format): Ditto. + + Do not translate messages printed with log_debug. + + commit 218a52787a87be6b7481a39f87d212d6ef594e97 + * common/asshelp.c (start_new_gpg_agent): Do not i18n string. + (start_new_dirmngr): Ditto. + * g10/mainproc.c (proc_encrypted): Ditto. Print only if debug is + enabled. + +2015-12-04 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix for removing the prefix. + + commit f03976f1101f539a2782cd9e87d640fc32a022db + * scd/app-openopg.c (do_decipher): Fix the condition. + + scd: Simplify saving application context. + + commit 9639af5f16a7ed908cbce2415330b9fcd88edc90 + * scd/app.c (lock_table): Remove LAST_APP field. + (lock_reader, app_dump_state, application_notify_card_reset) + (release_application): Follow the change. + (check_conflict): New. + (check_application_conflict): Lock the slot and call check_conflict. + (select_application): Call check_conflict and not use LAST_APP. + + scd: More fix for Curve25519 prefix handling. + + commit f747adfa21551e083bc947540c64c94a96dcc059 + * scd/app-openpgp.c (do_decipher): Handle trancated cipher text. + Also fix xfree bug introduced. + +2015-12-03 Werner Koch <wk@gnupg.org> + + scd: Another fix for Curve25519 prefix handling. + + commit e28f2e7a2f265af8bbdb4979e9679b4396dccdd5 + * scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long + INDATA. + (do_decipher): Fix integer arithmetic in void pointer. + (do_decipher): Add missing memcpy. 
+ + build: Avoid dependecy problems in "make distcheck". + + commit 0f61599ed0bd1cc6842067d040bb58ec0a451715 + * doc/Makefile.am (gnupg.texi): Depend on defs.inc. + + build: Change how caller provided CFLAGS are used by configure. + + commit 4e9957250eee3521dc979912a4818e58ffddc5b8 + * configure.ac: Append instead of prepend caller provided CFLAGS. + + gpg: Add variant of 'key "%s" not found: %s' error message. + + commit 5e2c5e9ec5b75fae886e1294adbdb7ad2ac12827 + * g10/gpg.c (check_user_ids): Change error message. + * g10/delkey.c (do_delete_key): Ditto. + + gpg: Make keyidlist more robust in case of errors. + + commit 50a568e7380752454c029eac2b57d8803b1cb287 + * g10/keyserver.c (keyidlist): Clear *KLIST on error. + + gpg: Take care of keydb_new returning NULL. + + commit a28ac99efead8be73ea1704abe1611ccc4811c54 + * g10/keydb.c (keydb_new): Print an error message if needed. Also use + xtrycalloc because we return an error anyway. + * g10/delkey.c (do_delete_key): Handle error retruned by keydb_new. + * g10/export.c (do_export_stream): Ditto. + * g10/getkey.c (get_pubkey): Ditto. + (get_pubkey_fast): Ditto. + (get_pubkeyblock): Ditto. + (get_seckey): Ditto. + (key_byname): Ditto. + (get_pubkey_byfprint): Ditto. + (get_pubkey_byfprint_fast): Ditto. + (parse_def_secret_key): Ditto. + (have_secret_key_with_kid): Ditto. + * g10/import.c (import_one): Ditto. + (import_revoke_cert): Ditto. + * g10/keyedit.c (keyedit_quick_adduid): Ditto. + * g10/keygen.c (quick_generate_keypair): Ditto. + (do_generate_keypair): Ditto. + * g10/trustdb.c (validate_keys): Ditto. + * g10/keyserver.c (keyidlist): Ditto. + * g10/revoke.c (gen_desig_revoke): Ditto. + (gen_revoke): Ditto. + * g10/gpg.c (check_user_ids): Ditto. + (main): Do not print an error message for keydb_new error. + * g10/keylist.c (list_all): Use actual error code returned by + keydb_new. + + * g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error. + * g10/t-keydb.c (do_test): Ditto. 
+ + * g10/keyring.c (keyring_new): Actually return an error so that the + existing keydb_new error checking makes sense for a keyring resource. + (keyring_rebuild_cache): Take care of keyring_new returning an error. + + gpg: Change some error messages. + + commit 9fcc047d921bde95b6807325b7fd2b697e89907f + * g10/getkey.c (parse_def_secret_key): Change error message. Replace + log_debug by log_info. + * g10/gpg.c (check_user_ids): Make function static. Change error + messages. + (main): Change error messages. + * g10/revoke.c (gen_revoke): Ditto. + +2015-12-03 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix "Conflicting usage" bug. + + commit f42c50dbf00c2e6298ca6830cbe6d36805fa54a3 + * scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we + got an error from apdu_disconnect. + * scd/app-common.h (no_reuse): Remove. + * scd/app.c (application_notify_card_reset): Deallocate APP here. + (select_application, release_application): Don't use NO_REUSE. + + scd: Fix for Curve25519 prefix handling. + + commit 11b2691eddc42e91651e4f95dd2731255a3e9211 + * scd/app-openpgp.c (do_decipher): More condition for AES decipher. + Handle the prefix in cipher text. Always add the prefix in result. + +2015-12-03 Neal H. Walfield <neal@g10code.com> + + gpg: Use the matching key if the search description is exact. + + commit cedbd4709eed6fead9d1b271f96860c00547c77c + * g10/gpg.c (check_user_ids): If the search description is for an + exact match (a keyid or fingerprint that ends in '!'), then use the + matching key, not the primary key. + * tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test. + (priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc, + privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc, + privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc, + privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and + privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc. + (sample_keys): Add + samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc. 
+ * tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc: + New file. + * tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc: + New file. + * tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc: + New file. + * tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc: + New file. + * tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc: + New file. + * tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc: + New file. + * tests/openpgp/use-exact-key.test: New file. + * tests/openpgp/version.test: Install the new private keys. + +2015-12-02 Werner Koch <wk@gnupg.org> + + build: Require at least Libassuan 2.4.1. + + commit 69db3285e4612ad24462149a4d64cc32c090a491 + * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1. + * agent/gpg-agent.c (create_server_socket): Remove check for + libassuan >= 2.3.0 and >= 2.1.4. + (main): Remove check for libassuan >= 2.1.4. + * scd/scdaemon.c (create_server_socket): Remove check for + libassuan >= 2.1.4. + * dirmngr/dirmngr.c (set_tor_mode): Remove check for + libassuan >= 2.3.0. + * dirmngr/http.c (http_raw_connect, send_request): Remove checks for + libassuan >= 2.3.0. + +2015-12-02 Neal H. Walfield <neal@g10code.com> + + gpg: Improve documentation. + + commit 28195f8d27aa0fc9daf5b74fb24de87c36e04739 + * g10/tofu.c (initdb): Improve documentation. + + gpg: Fix type mismatch resulting in a buffer overflow. + + commit c73d75103cbd34975e2bd28e9924caee05eaf829 + * g10/tofu.c (record_binding): Change policy_old's type from an enum + tofu_policy to a long: this variable is passed by reference and a long + is expected. + +2015-12-02 Werner Koch <wk@gnupg.org> + + dirmngr: Switch to an onion address if Tor is running. + + commit 28e2513721ff0cec920564d4087f3600cce8672e + * dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist. + * dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple + --keyserver options. 
+ * dirmngr/server.c (server_local_s): Add field 'tor_state'. + (release_uri_item_list): New. + (release_ctrl_keyservers): Use it. + (start_command_handler): Release list of keyservers. + (is_tor_running): New. + (cmd_getinfo): Re-implement "tor" subcommand using new fucntion. + (ensure_keyserver): Rewrite. + * g10/dirmngr-conf.skel: Add two keyserver options. + + http: Enhance parser to detect .onion addresses. + + commit 17ac843871d5f350f26edff0187f94ced923f534 + * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. + * dirmngr/http.c (do_parse_uri): Set that flag. + * dirmngr/t-http.c (main): Print flags. + +2015-12-02 Neal H. Walfield <neal@g10code.com> + + common,gpg: Fix processing of search descriptions ending in '!'. + + commit 10cca02c4c70eee993d4df0a1d20ae841992efe9 + * g10/gpg.c (check_user_ids): If the search description describes a + keyid or fingerprint and ends in a '!', include the '!' in the + rewritten description. + * common/userids.c (classify_user_id): Accept keyids and fingerprints + ending in '!'. + +2015-12-01 Justus Winter <justus@g10code.com> + + dirmngr: Improve error handling. + + commit 9c34711539fc2c34aea8da0fd49ae6aa28991518 + * dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before + checking for errors, but silently ignore errors when looking up SRV + records. + +2015-12-01 Werner Koch <wk@gnupg.org> + + build: Let configure show the the status of Tor support. + + commit 3be12d1e1b8334fb2bba307ec9efbc004f1dbf8d + * configure.ac (show_tor_support): New + +2015-11-30 Werner Koch <wk@gnupg.org> + + doc: Make make distcheck work again. + + commit 4ecb5db804003c10c57bdc0dc7f1d9649c5ba6f8 + * doc/Makefile.am (DISTCLEANFILES): Add gpgkey2ssh.1 + + yat2m: Add keyword @url. + + commit b4756a54a55fcd51717c149e19191a2eeaa6a919 + * doc/yat2m.c (proc_texi_cmd): Add keyword @url. + + doc: Build man pages with the same date as the info files. 
+ + commit 081c902f16a2f251df4593f090b3978dfa473a26 + * doc/Makefile.am (yat2m-stamp): Use option --date. + + yat2m: New option --date. + + commit 75eb071354d1f862bac09c56c8ab81dae8883270 + * doc/yat2m.c (opt_date): new. + (isodatestring): Use it if set. + (main): New option --date. + +2015-11-27 Werner Koch <wk@gnupg.org> + + gpg: Avoid extra translation strings. + + commit 686f31c3d5aee0d2825265869ae92ca95cdcabae + * g10/keyedit.c (menu_expire): Use only one prompt. + + kbx: Include gpg-error prior to mischelp.h. + + commit 436a154ea85e4dffbde7c3b316fbfca1b066aa2a + * kbx/keybox-init.c: Change order of includes. + + gpg,w32: Fix a format string error. + + commit 7c856f99144b84ac30e0c9a192f09dc36d93190a + * g10/keyring.c (keyring_search): Fix format string for off_t. + + Silence compiler warnings related to not using assuan_fd_t. + + commit 501436ab0f9d8e7d56b2f5e344006be5f5a3c653 + * common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the + declaration was already fixed by a previous change. + * dirmngr/server.c (cmd_getinfo): Use assuan_fd_t. + + Avoid incompatible pointer assignment warnings on Windows. + + commit 64e87083394d38998feab359caac917bcc6139d3 + * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t. + * dirmngr/server.c (data_line_cookie_write): Ditto. + * sm/certdump.c (format_name_writer): Ditto. + * sm/server.c (data_line_cookie_write): Ditto. + * dirmngr/http.c (cookie_read, cookie_write): Ditto. + + dirmngr: Avoid a declarations after statements. + + commit 100f34e869df899a695f5e5ef1b8e092baf91751 + * tools/gpgtar.c (parse_arguments): Use a block for a local varibale + definition. + + dirmngr: Avoid casting away a const from an char**. + + commit 6501741d2c1beb8060198a39a1aa950cb11b386f + * dirmngr/ldap.c (start_cert_fetch_ldap): Do not use pointers from + global variables. + + dirmngr: Allow testing for a running Tor via "getinfo tor". 
+ + commit da5a232199ef93be219e933a7eaf4ccfc6d24d61 + * dirmngr/server.c (cmd_getinfo): Print an S line if Tor is not + running. + +2015-11-26 Werner Koch <wk@gnupg.org> + + g13: Fix commit 1a045b13. + + commit 82f6abb4807c89388052ab442368d9e09fb84aea + * g13/g13.c (main): Use existsing function. + + common: Fix off-by-one access in the new format_text. + + commit 61941a984964308b09c7fc1b3438fb99d0b3c917 + * common/stringhelp.c (format_text): Use existsing fucntion to trim + trailing spaces. Fix off-by-one access. + + dirmngr: Improve output of "getinfo tor". + + commit d226e67856e7197c581dcd2cef0f1e687bee0ac9 + * dirmngr/server.c (cmd_getinfo): Print a message along with OK. + + dirmngr: Let Libassuan employ nPth wrappers for connect. + + commit f95cff1cc9e7a4d9f6b7c45188ec47e70f9874dc + * dirmngr/http.c (my_unprotect, my_protect): Remove. + (connect_server): Do not use these wrappers. + +2015-11-26 Justus Winter <justus@g10code.com> + + tools/gpgtar: Add '--dry-run'. + + commit 676b2d7081291f7e47a66755ab07af259fea130b + * tools/gpgtar-extract.c (extract_{regular,directory}): Honor + '--dry-run'. + * tools/gpgtar.c (enum cmd_and_opt_values): New value. + (opts): Add '--dry-run'. + (parse_arguments): Handle '--dry-run'. + * tools/gpgtar.h (opt): Add field 'dry_run'. + + tools/gpgtar: Handle '--gpg-args'. + + commit 69a8440f44fa025e33a4cc32d17695c9ac385043 + * tools/gpgtar-create.c (gpgtar_create): Use given arguments. + * tools/gpgtar-extract.c (gpgtar_extract): Likewise. + * tools/gpgtar-list.c (gpgtar_list): Likewise. + * tools/gpgtar.c (enum cmd_and_opt_values): New value. + (opts): Add 'gpg-args'. + (parse_arguments): Handle arguments. + * tools/gpgtar.h (opt): Add field 'gpg_arguments'. + * tests/openpgp/gpgtar.test: Simplify accordingly. + + common: Make the GPG arguments configurable in call-gpg. + + commit 1a045b1324efabe7423a8d00245f01718ed72556 + * common/call-gpg.c (start_gpg): Add parameter 'gpg_arguments'. 
+ (_gpg_encrypt, gpg_encrypt_blob, gpg_encrypt_stream): Likewise. + (_gpg_decrypt, gpg_decrypt_blob, gpg_decrypt_stream): Likewise. + * common/call-gpg.h: Adapt prototypes. + * g13/create.c (encrypt_keyblob): Adapt callsite. + * g13/g13-common.h (opt): Add field 'gpg_arguments'. + * g13/g13.c (main): Construct default arguments. + * g13/mount.c (decrypt_keyblob): Adapt callsite. + * tools/gpgtar-create.c (gpgtar_create): Likewise. + * tools/gpgtar-extract.c (gpgtar_extract): Likewise. + * tools/gpgtar-list.c (gpgtar_list): Likewise. + + tools/gpgtar: Handle '--tar-args' for compatibility with gpg-zip. + + commit 2eb3248058330dd5c37560d9887db5b5266c54fe + * tools/gpgtar.c (enum cmd_and_opt_values): New value. + (opts): Add new group for tar options, rearrange a little, add + '--tar-args'. + (tar_opts): New variable. + (shell_parse_stringlist): New function. + (shell_parse_argv): Likewise. + (parse_arguments): Add option argument, handle '--tar-args'. + (main): Fix invokation of 'parse_arguments'. + * tests/openpgp/gpgtar.test: Simplify decryption. + + tools/gpgtar: Rework argument parsing. + + commit 35c0c8b211bc891335e822379b33ea34fbc1f84f + * tools/gpgtar.c (main): Move argument parsing into its own function. + +2015-11-25 Justus Winter <justus@g10code.com> + + tests: Add tests for gpgtar and gpg-zip. + + commit 556e8c44267fe3b829ca06286e9b5637ca1a6a73 + * tests/openpgp/Makefile.am (TESTS): Add new file. + * tests/openpgp/gpgtar.test: New file. + + tools/gpgtar: Handle '--directory' argument. + + commit 127aba9a4d6c1aabb4a18a74b16d3bddc6eb5c54 + * tools/gpgtar-extract.c (gpgtar_extract): Only generate a directory + name if none is given via arguments. + * tools/gpgtar.c (enum cmd_and_opt_values): New constant. + (opts): Add argument. + (main): Parse argument. + * tools/gpgtar.h (opt): New field 'directory'. + + tools/gpgtar: Handle '--gpg' argument. 
+ + commit 89e104eb38c3a6896892ff09db11cb1bae2bb0d3 + * tools/gpgtar-create.c (gpgtar_create): Use given gpg program. + * tools/gpgtar-extract.c (gpgtar_extract): Likewise. + * tools/gpgtar-list.c (gpgtar_list): Likewise. + * tools/gpgtar.c (enum cmd_and_opt_values): New constant. + (opts): Add argument. + (main): Handle argument. + * tools/gpgtar.h (opt): Add field 'gpg_program'. + + tools/gpgtar: Improve error handling. + + commit f76fb047c15914ba44dc9423d235484758bcd721 + * tools/gpgtar-create.c (gpgtar_create): Return an error code, fix + error handling. + * tools/gpgtar-extract.c (gpgtar_extract): Likewise. + * tools/gpgtar-list.c (read_header): Return an error code. + (gpgtar_list): Return an error code, fix error handling. + (gpgtar_read_header): Return an error code. + * tools/gpgtar.c: Add missing include. + (main): Print an generic error message if a command failed and no + error has been printed yet. + * tools/gpgtar.h (gpgtar_{create,extract,list,read_header}): Fix the + prototypes accordingly. + + tools: Add encryption and decryption support to gpgtar. + + commit 40dbee86f3043aff8a8c2055521e270318e33068 + * tools/Makefile.am: Amend CFLAGS and LDADD. + * tools/gpgtar-create.c (gpgtar_create): Add encrypt flag and encrypt + stream if requested. + * tools/gpgtar-extract.c (gpgtar_extract): Likewise for decryption. + * tools/gpgtar-list.c (gpgtar_list): Likewise. + * tools/gpgtar.c (main): Initialize npth and assuan. Parse recipient + and local user, and note which flags are currently ignored. Adapt + calls to gpgtar_list and friends. + (tar_and_encrypt): Drop stub function and prototype. + (decrypt_and_untar): Likewise. + (decrypt_and_list): Likewise. + * tools/gpgtar.h (gpgtar_{create,extract,list}): Add encryption or + decryption argument. + + common: Add stream interface to call-pgp. + + commit 03bf88f32c8d203d5b3bfbbc48cc45e6c08cc187 + * common/call-gpg.c (struct writer_thread_parms): Add field 'stream'. 
+ (writer_thread_main): Support reading from a stream. + (start_writer): Add stream argument. + (struct reader_thread_parms): Add field 'stream'. + (reader_thread_main): Support writing to a stream. + (start_reader): Add stream argument. + (_gpg_encrypt): Add stream api. + (gpg_encrypt_blob): Adapt accordingly. + (gpg_encrypt_stream): New function. + (_gpg_decrypt): Add stream api. + (gpg_decrypt_blob): Adapt accordingly. + (gpg_decrypt_stream): New function. + * common/call-gpg.h (gpg_encrypt_stream): New prototype. + (gpg_decrypt_stream): Likewise. + + common: Refactor the call-gpg code. + + commit cb18d802308bde4e28219417bb4d107a4c0001b4 + * common/call-gpg.c (gpg_{en,de}crypt_blob): Move most of the code + into two new functions, _gpg_encrypt and _gpg_decrypt. + + g13: Move 'call-gpg.c' to common. + + commit ba1a5cc17d43d9cba32447876f06a8ab8f97e5ae + * common/Makefile.am (common_sources): Add files. + * g13/call-gpg.c: Move to 'common' and adapt slightly. Add a + parameter to let callees override the gpg program to execute. + * g13/call-gpg.h: Likewise. + * g13/Makefile.am (g13_SOURCES): Drop files. + * g13/create.c (encrypt_keyblob): Hand in the gpg program to execute. + * g13/mount.c (decrypt_keyblob): Likewise. + +2015-11-24 Neal H. Walfield <neal@g10code.com> + + gpg: When comparing keyids, use the keyid, not the fingerprint's suffix. + + commit e9c16fee2576c772de9d4fb5d53fee28e4b84202 + * g10/keyedit.c (menu_select_key): Use spacep and hexdigitp instead of + inline tests. Don't compare P to the suffix of the fingerprint. If P + appears to be a keyid, do an exact compare against the keyid. If it + appears to be a fingerprint, do an exact compare against the + fingerprint. + +2015-11-23 Neal H. Walfield <neal@g10code.com> + + gpg: Reflow long texts. + + commit 19362a8dd7ee986c082a5afc5a446f939991ec0f + * common/stringhelp.c (format_text): New function. + * common/t-stringhelp.c (stresc): New function. + (test_format_text): New function. Test format_text. 
+ * g10/tofu.c (get_trust): Use format_text to reflow long texts. + (show_statistics): Likewise. + + common: Extend utf8_charcount to include the string's length. + + commit 5b84b0d660c8329e184d98682665aaea7e1703d2 + * common/stringhelp.c (utf8_charcount): Take additional parameter, + len. Process at most LEN bytes. + +2015-11-23 Justus Winter <justus@g10code.com> + + dirmngr: Fix http lookups when libadns is used. + + commit b75e1b3d8b1643640d046f7f8e89adf5b1caa7a3 + * dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port. + + dirmngr: Fix SRV record lookups when using the system resolver. + + commit 946faaff04f3340ed6db9e89c5036dc5f9beca6a + * dirmngr/dns-stuff.c (getsrv): Fix error handling. + + dirmngr: Honor ports specified in SRV records. + + commit 73c1a86ad937d7be027eece991c69aaeb6a1f092 + * dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'. + (create_new_hostinfo): Initialize 'port'. + (add_host): Add host parameter and update the hosttable entry. + (map_host): Return port if known, adjust calls to 'add_host'. + (make_host_part): Let 'map_host' specify the port if known. + + dirmngr: Support hkp server pools using SRV records. + + commit c9f5aa15793b3c05c1b92af401b23ab34d3e6196 + * dirmngr/ks-engine-hkp.c (map_host): Handle SRV records. + + dirmngr: Refactor 'map_host'. + + commit 3f52f6bcacfe3877d30a21464e93e9240bc75085 + * dirmngr/ks-engine-hkp.c (add_host): New function. + (map_host): Use the new function. + + dirmngr: Fix pool detection. + + commit 23ea641ba2a063cc99c82869061703d48bc674b2 + * dirmngr/ks-engine-hkp (arecords_is_pool): Fix counting IP addresses. + + dirmngr: Refactor 'map_host'. + + commit 2b43a0515868b8720009e48d7a1f32d571767f14 + * dirmngr/ks-engine-hkp.c (arecords_is_pool): New function. + (map_host): Use the new function. + + dirmngr: Start dirmngr on demand. + + commit a9e0b1dd6c106e243e3fbbaa1838b56a1f1c8584 + * common/asshelp.h: Include 'util.h'. 
+ * dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect + to the dirmngr. + (start_dirmngr): Drop now unused declaration and function. + +2015-11-23 Neal H. Walfield <neal@g10code.com> + + gpg: If sqlite is not available, don't build things depending on it. + + commit 770c06ed4e6c1097d6e305a0a9427c3c783b787c + * configure.ac: Define the automake conditional SQLITE3. + * tests/openpgp/Makefile.am (TESTS): Move the sqlite3 dependent tests + to... + (sqlite3_dependent_tests): ... this new variable. If SQLITE3 is not + defined, then clear this variable. + + gpg: Allow updating the expiration time of multiple subkeys at once. + + commit b64b33bb80a8cf5dcc1fdbc62023d019fe2c8cb1 + * g10/keyedit.c (menu_expire): Allow updating the expiration time of + multiple subkeys at once. + + gpg: Don't crash if key is not passed an argument. + + commit 19f099463c82c119288a05eaefc42bf09d617377 + * g10/keyedit.c (menu_select_key): Don't crash if P is NULL. + +2015-11-20 Neal H. Walfield <neal@g10code.com> + + gpg: Fail if the search description passed to --gen-revoke is ambiguous. + + commit 178af9c3f56d385fe28a9e5e8bde0ab34c0b260e + * g10/revoke.c (gen_revoke): Error out if the search description is + ambiguous. + + gpg: Refactor print_seckey_info. + + commit f8a65ac96b27a0963892892ce6e93b37b8df1ad7 + * g10/keylist.c (print_seckey_info): Break formatting functionality + into... + (format_seckey_info): ... this new function. + + gpg: Improve an error message. + + commit 46e128d44a0456dc603bc9e25a4c5d8da903b078 + * g10/revoke.c (gen_revoke): Provide a more descriptive error message + if searching for a key fails. + +2015-11-19 Justus Winter <justus@g10code.com> + + dirmngr: Improve error handling. + + commit 6b14df5525777ee0330a34a7b335359f562616a4 + * dirmngr/crlcache.c (crl_cache_cert_isvalid): Add missing break. + + dirmngr: Fix memory leak. 
+ + commit b223cde311e4e02f7983e33fe3d7214287dfb678 + * dirmngr/ldap.c (start_cert_fetch_ldap): Avoid leaking all malloc'ed + arguments. + + agent: Improve error handling. + + commit a1650b1edf80c2526c0576547b3a574e8d30f1fa + * agent/trustlist.c (istrusted_internal): Initialize 'err'. + + common: Avoid undefined behavior. + + commit eb957ffc4797fb019c505510295af244baf5be38 + * common/iobuf.c (iobuf_esopen): Initialize 'len' as 'file_es_filter' + will make use of it. + + g10: Avoid undefined behavior. + + commit 52f7f195b119dc01bdf3ae200fdc8e04a0bb9bcb + * g10/trust.c (clean_one_uid): Avoid a computation involving an + uninitialized value. + + scd: Improve error handling. + + commit 6a37b45a7f13cf5d2ae7d6c9cd796a4bd197b80d + * scd/app-openpgp.c (get_public_key): Improve error handling. + +2015-11-18 Justus Winter <justus@g10code.com> + + dirmngr: Gracefully handle premature termination of TLS streams. + + commit eb54fca4bf3ef8e0cd50b01df5b40e0d6d318d7e + * dirmngr/http.c (close_tls_session): New function. + (session_unref): Use the new function to close the TLS stream. + (cookie_read): If the stream terminated prematurely, close it and + return a short read. + +2015-11-17 Neal H. Walfield <neal@g10code.com> + Michael Mönch <michael.moench@marktjagd.de> + + tools: Fix option parsing for gpg-zip. + + commit 84ebf15b06e435453b2f58775f97a3a1c61a7e55 + * tools/gpg-zip.in: Correctly set GPG when --gpg is specified. + Correctly set TAR when --tar is specified. Pass TAR_ARGS to tar. + +2015-11-17 Neal H. Walfield <neal@g10code.com> + + gpg: Allow selecting subkeys using a keyid. + + commit 0b86c7463c8c057496b38e06c00f0ae4288dad49 + * g10/keyedit.c (menu_select_key): Take an additional argument, p. + Update callers. If P is a hex string, then assume that P is a key id + or fingerprint and select subkeys with matching key ids or + fingerprints. + * doc/gpg.texi: Update documentation for the key subcommand. 
+ +2015-11-17 Justus Winter <justus@g10code.com> + + dirmngr: Fix specifying keyservers by IP address. + + commit 1e3dbb15affd6d75a477aa17715d8e5470988c08 + * dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable' + entry instead of creating another one. + +2015-11-17 Neal H. Walfield <neal@g10code.com> + + gpg: Change keydb_search to not return legacy keys. + + commit 58e4a492e2c8e908d16135486ed601f602f1e38d + * g10/keyring.c (keyring_search): Take new argument, ignore_legacy. + If set, skip any legacy keys. Update callers. + * g10/keydb.c (keydb_search): Skip any legacy keys. + (keydb_search_first): Don't skip legacy keys. Treat them + as an error. + (keydb_search_next): Likewise. + (keydb_search_fpr): Likewise. + * g10/export.c (do_export_stream): Likewise. + * g10/getkey.c (lookup): Likewise. + (have_secret_key_with_kid): Likewise. + * g10/keylist.c (list_all): Likewise. + (keyring_rebuild_cache): Likewise. + * g10/keyserver.c (keyidlist): Likewise. + * g10/trustdb.c (validate_key_list): Likewise. + + gpg: Correctly handle an error. + + commit 848726f5c02faddb0b0fd24ce1a66893f5325675 + * g10/keyring.c (keyring_search): If a compare function returns an + error, treat it as an error. + + gpg: Correctly handle keyblocks followed by legacy keys. + + commit ad9befab12376b3a49cde410996ac9f0013d0871 + * g10/keyring.c (keyring_get_keyblock): If we encounter a legacy + packet after already having some non-legacy packets, then treat the + legacy packet as a keyblock boundary, not as part of the keyblock. + * g10/t-keydb-get-keyblock.c: New file. + * g10/t-keydb-get-keyblock.gpg: New file. + * g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg. + (module_tests): Add t-keydb-get-keyblock. + (t_keydb_get_keyblock_SOURCES): New variable. + (t_keydb_get_keyblock_LDADD): Likewise. + + gpg: Make debugging search descriptors easier. + + commit 11ec4785df1646643966d872b1b53ef675092c98 + * g10/keydb.c (dump_search_desc): Rename from this... 
+ (keydb_search_desc_dump): ... to this. Only process a single search + descriptor. Improve output. Don't mark as static. Update callers. + + gpg: Add function format_keyid. + + commit a052c30d31c0f6b532fea081f4a9bee083f5440f + * g10/options.h (opt.keyid_format): Add new value KF_DEFAULT. + * g10/keyid.c (format_keyid): New function. + (keystr): Use it. + + gpg: Use a more appropriate error code. + + commit eae982ed6d69644258afe9c4ad1be553853d8403 + * g10/gpg.c (check_user_ids): Return a more appropriate error code if + a user id is ambiguous. + +2015-11-17 Justus Winter <justus@g10code.com> + + Fix typos found using codespell. + + commit a9e0905342e847e8961ec4fe9b3aaedf05e33423 + * agent/cache.c: Fix typos. + * agent/call-pinentry.c: Likewise. + * agent/call-scd.c: Likewise. + * agent/command-ssh.c: Likewise. + * agent/command.c: Likewise. + * agent/divert-scd.c: Likewise. + * agent/findkey.c: Likewise. + * agent/gpg-agent.c: Likewise. + * agent/w32main.c: Likewise. + * common/argparse.c: Likewise. + * common/audit.c: Likewise. + * common/audit.h: Likewise. + * common/convert.c: Likewise. + * common/dotlock.c: Likewise. + * common/exechelp-posix.c: Likewise. + * common/exechelp-w32.c: Likewise. + * common/exechelp-w32ce.c: Likewise. + * common/exechelp.h: Likewise. + * common/helpfile.c: Likewise. + * common/i18n.h: Likewise. + * common/iobuf.c: Likewise. + * common/iobuf.h: Likewise. + * common/localename.c: Likewise. + * common/logging.c: Likewise. + * common/openpgp-oid.c: Likewise. + * common/session-env.c: Likewise. + * common/sexputil.c: Likewise. + * common/sysutils.c: Likewise. + * common/t-sexputil.c: Likewise. + * common/ttyio.c: Likewise. + * common/util.h: Likewise. + * dirmngr/cdblib.c: Likewise. + * dirmngr/certcache.c: Likewise. + * dirmngr/crlcache.c: Likewise. + * dirmngr/dirmngr-client.c: Likewise. + * dirmngr/dirmngr.c: Likewise. + * dirmngr/dirmngr_ldap.c: Likewise. + * dirmngr/dns-stuff.c: Likewise. + * dirmngr/http.c: Likewise. 
+ * dirmngr/ks-engine-hkp.c: Likewise. + * dirmngr/ks-engine-ldap.c: Likewise. + * dirmngr/ldap-wrapper.c: Likewise. + * dirmngr/ldap.c: Likewise. + * dirmngr/misc.c: Likewise. + * dirmngr/ocsp.c: Likewise. + * dirmngr/validate.c: Likewise. + * g10/encrypt.c: Likewise. + * g10/getkey.c: Likewise. + * g10/gpg.c: Likewise. + * g10/gpgv.c: Likewise. + * g10/import.c: Likewise. + * g10/keydb.c: Likewise. + * g10/keydb.h: Likewise. + * g10/keygen.c: Likewise. + * g10/keyid.c: Likewise. + * g10/keylist.c: Likewise. + * g10/keyring.c: Likewise. + * g10/mainproc.c: Likewise. + * g10/misc.c: Likewise. + * g10/options.h: Likewise. + * g10/packet.h: Likewise. + * g10/parse-packet.c: Likewise. + * g10/pkclist.c: Likewise. + * g10/pkglue.c: Likewise. + * g10/plaintext.c: Likewise. + * g10/server.c: Likewise. + * g10/sig-check.c: Likewise. + * g10/sqlite.c: Likewise. + * g10/tdbio.c: Likewise. + * g10/test-stubs.c: Likewise. + * g10/tofu.c: Likewise. + * g10/trust.c: Likewise. + * g10/trustdb.c: Likewise. + * g13/create.c: Likewise. + * g13/mountinfo.c: Likewise. + * kbx/keybox-blob.c: Likewise. + * kbx/keybox-file.c: Likewise. + * kbx/keybox-init.c: Likewise. + * kbx/keybox-search-desc.h: Likewise. + * kbx/keybox-search.c: Likewise. + * kbx/keybox-update.c: Likewise. + * scd/apdu.c: Likewise. + * scd/app-openpgp.c: Likewise. + * scd/app-p15.c: Likewise. + * scd/app.c: Likewise. + * scd/ccid-driver.c: Likewise. + * scd/command.c: Likewise. + * scd/iso7816.c: Likewise. + * sm/base64.c: Likewise. + * sm/call-agent.c: Likewise. + * sm/call-dirmngr.c: Likewise. + * sm/certchain.c: Likewise. + * sm/gpgsm.c: Likewise. + * sm/import.c: Likewise. + * sm/keydb.c: Likewise. + * sm/minip12.c: Likewise. + * sm/qualified.c: Likewise. + * sm/server.c: Likewise. + * tools/gpg-check-pattern.c: Likewise. + * tools/gpgconf-comp.c: Likewise. + * tools/gpgkey2ssh.c: Likewise. + * tools/gpgparsemail.c: Likewise. + * tools/gpgtar.c: Likewise. + * tools/rfc822parse.c: Likewise. 
+ * tools/symcryptrun.c: Likewise. + +2015-11-16 Neal H. Walfield <neal@g10code.com> + + gpg: Fix error checking and improve error reporting. + + commit 8e2bea22b0927f4f95a248cc7517f407a705d8a8 + * g10/gpg.c (check_user_ids): Differentiate between a second result + and an error. If the key specification is ambiguous or an error + occurs, set RC appropriately. + +2015-11-14 Werner Koch <wk@gnupg.org> + + gpg: Use only one fingerprint formatting function. + + commit 3689c2105aab6a4304e9464c5b20207d69b9a133 + * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New. + * g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN. + Change all callers. + (format_hexfingerprint): New. + * g10/keylist.c (print_fingerprint): Change to use hexfingerprint. + * g10/tofu.c (fingerprint_format): Remove. Replace calls by + format_hexfingerprint. + +2015-11-13 Werner Koch <wk@gnupg.org> + + gpg: Simplify the tofu interface by using the public key packet. + + commit e7d7160ab7cd4e6b460bfe36fd3a7275adadb4e2 + * g10/tofu.c (fingerprint_str): Remove. + (tofu_register): Take a public key instead of a fingerprint as arg. + Use hexfingerprint() to get a fpr from the PK. + (tofu_get_validity): Ditto. + (tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint. + * g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to + instead of the fingerprint to the tofu functions. + + gpg: Make trusted-key override for Tofu robust against swapped tofu.db. + + commit 7de8376430625c1f6f3a58ae16276deca8ff6a82 + * g10/tofu.c (get_trust): For the UTK check lookup the key by + fingerprint. + + gpg: Fix regression in --locate-keys (in 2.1.9). + + commit 7e59fb21f728b5f54468cd35b1415a2f86003d4f + * g10/getkey.c (getkey_ctx_s): Add field "extra_list". + (get_pubkey_byname): Store strings in the context. + (getkey_end): Free EXTRA_LIST. + +2015-11-12 Werner Koch <wk@gnupg.org> + + gpg: Print a new EXPORTED status line. 
+ + commit 2038adf16d0e7eeb614043aae17b16a867de6b70 + * common/status.h (STATUS_EXPORTED): New. + * g10/export.c (print_status_exported): New. + (do_export_stream): Call that function. + + gpg: Print export statistics to the status-fd. + + commit e3c48335f9c5081c6080bceafa7a04140403427a + * common/status.h (STATUS_EXPORT_RES): New. + * g10/main.h (export_stats_t): New. + * g10/export.c (export_stats_s): New. + (export_new_stats, export_release_stats): New. + (export_print_stats): New. + (export_pubkeys, export_seckeys, export_secsubkeys) + (export_pubkey_buffer, do_export): Add arg "stats". + (do_export_stream): Add arg stats and update it. + * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, + pass, and print a stats object to the export function calls. + + * g10/export.c (export_pubkeys_stream): Remove unused function. + + dirmngr: Do not block during ADNS calls. + + commit a3b26d6c0839ec18d1dc226bb537d5067c86d574 + * dirmngr/dns-stuff.c: Include npth.h + (my_unprotect, my_protect): New wrapper. + (resolve_name_adns): Put unprotect/protect around adns calls. + (get_dns_cert): Ditto. + (getsrv): Ditto. + (get_dns_cname): Ditto. + + dirmngr: New option --nameserver. + + commit a2cc1d57552ccac7b2f9a0c6423b171b2a168b2a + * dirmngr/dirmngr.c (oNameServer): New. + (opts): Add --nameserver. + (parse_rereadable_options): Act upon oNameServer. + * dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New. + (tor_nameserver): New. + (set_dns_nameserver): New. + (my_adns_init): Make name server configurable. + +2015-11-11 Neal H. Walfield <neal@g10code.com> + + gpg: Fix cache consistency problem. + + commit 7546e818791988c00b8635dab5b899265d8d9f42 + g10/keyring.c (keyring_search): Only mark the cache as completely + filled if we start the scan from the beginning of the keyring. + +2015-11-10 Neal H. Walfield <neal@g10code.com> + + gpg: Default to the the PGP trust model. 
+ + commit 67c701d1e53f56305e3b8771c683c45bb9672305 + * g10/trustdb.c (init_trustdb): If we can't read the trust model from + the trust DB, default to TM_PGP, not TM_TOFU_PGP. + + gpg: Default to the flat TOFU DB format. + + commit 951f277b6bf8178560105538d38e2a07a96865bd + * g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there + is no TOFU DB, default to the flat format. + +2015-11-09 Werner Koch <wk@gnupg.org> + + dirmngr: Change to new ADNS Tor mode init scheme. + + commit 288c9919dc45496b2380eeac487a8539692d6842 + * dirmngr/dns-stuff.c (tor_credentials): New. + (enable_dns_tormode): Add arg new_circuit and update tor_credentials. + (my_adns_init): Rework to set Tor mode using a config file options and + always use credentials. + * dirmngr/server.c (cmd_dns_cert): Improve error message. + * dirmngr/t-dns-stuff.c (main): Add option --new-circuit. + + dirmngr: Improve detection of ADNS. + + commit f92e95175e90120362a7d6376fb32307e11267b5 + * configure.ac (HAVE_ADNS_FREE): New ac_define. + +2015-11-09 NIIBE Yutaka <gniibe@fsij.org> + + scd: Add reder information to --card-status. + + commit bce0e3f71df0709a7d323a688ddf2690c1727a6c + * g10/call-agent.h, g10/call-agent.c (agent_release_card_info) + g10/card-util.c (card_status): Add READER. + * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME. + (apdu_get_reader_name): New. + * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P. + * scd/command.c (cmd_learn): Return READER information. + +2015-11-06 Werner Koch <wk@gnupg.org> + + gpg: Avoid new strings. + + commit 2242658efe0c975a46c3316bc9171ddbce085e2c + * g10/decrypt-data.c (decrypt_data): Use already translated strings. + + common: Fix commit f99830b. + + commit 20125333e7b822e8c70ac8cef986649f0654eb56 + * common/userids.c (classify_user_id): Avoid underflow. Use spacep to + also trim tabs. + +2015-11-06 Neal H. Walfield <neal@g10code.com> + + gpg: Fix formatting string. 
+ + commit 28e198201e580b39bceb9c151df07fc0e936a91d + * g10/decrypt-data.c (decrypt_data): Fix formatting string. + + gpg: Add new option --only-sign-text-ids. + + commit a74aeb5dae1f673fcd98b39a6a0496f3c622709a + * g10/options.h (opt): Add field only_sign_text_ids. + * g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs. + (opts): Handle oOnlySignTextIDs. + (main): Likewise. + * g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't + select non-text based IDs automatically. + (keyedit_menu): Adapt the prompt asking to sign all user ids according + to OPT.ONLY_SIGN_TEXT_IDS. + * doc/gpg.texi: Document the new option --only-sign-text-ids. + + common: When classifying keyids and fingerprints, reject trailing junk. + + commit f99830b72812395da5451152bdd2f2d90a7cb7fb + * common/userids.c (classify_user_id): Trim any trailing whitespace. + Before assuming that a hexstring corresponds to a key id or + fingerprint, make sure that it is NUL terminated. + + gpg: Check for ambiguous or non-matching key specs. + + commit e8c53fca954d33366e3494a6d4eecc3868282bcc + * g10/gpg.c (check_user_ids): New function. + (main): Check that any user id specifications passed to --local-user + and --remote-user correspond to exactly 1 user. Check that any user + id specifications passed to --default-key correspond to at most 1 + user. Warn if any user id specifications passed to --local-user or + --default-user are possible ambiguous (are not specified by long keyid + or fingerprint). + * g10/getkey.c (parse_def_secret_key): Don't warn about possible + ambiguous key descriptions here. + + common: Add new function strlist_rev. + + commit f38bac8883ea2e9ed8e2836f97a953efb85e774c + * common/strlist.c (strlist_rev): New function. + * common/t-strlist.c: New file. + * common/Makefile.am (common_sources): Add strlist.c and strlist.h. + (module_tests): Add t-strlist. + (t_strlist_LDADD): New variable. + + common: Include required, but not included headers in t-support.h. 
+ + commit 23e163473f050d1f2c08f589beb9dab283b7d624 + * common/t-support.h: Include <stdlib.h> and <stdio.h>. + +2015-11-05 Neal H. Walfield <neal@g10code.com> + + gpg: Indicate which characters are invalid. + + commit a958ffd148a46f3757d1c309bb13555638044640 + * g10/keygen.c (ask_user_id): Indicate which characters are invalid. + + gpg: Add support for unwrapping the outer level of encryption. + + commit ec409e62aea6cc829299be794f9d035d033cb51b + * g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set, + copy the data to the output file instead of continuing to process it. + * g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap. + (opts): Handle oUnwrap. + (main): Likewise. + * g10/options.h (opt): Add field unwrap_encryption. + * g10/plaintext.c (handle_plaintext): Break the output file selection + functionality into ... + (get_output_file): ... this new function. + + common: Add a function for copying data from one iobuf to another. + + commit fd4b9e232805b2e30b29903568c95cc0aad8bbec + * common/iobuf.c (iobuf_copy): New function. + + doc: Note that gpgkey2ssh is deprecated. + + commit 2b0e0a53b4db8c44e299f57a9f4f9fc1b825e707 + * doc/tools.texi (gpgkey2ssh): Note that gpgkey2ssh is deprecated. + + tools: Fix gpgkey2ssh's most gratuitous errors. Use gpg2, not gpg. + + commit cd2d685230ecafb7df504ef2b16cf1ec9a014300 + * tools/gpgkey2ssh.c (main): Add support for --help. Replace the most + gratuitous asserts with error messages. Invoke gpg2, not gpg. + +2015-11-05 Neal H. Walfield <neal@g10code.com> + Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + doc: Add documentation for gpgkey2ssh. + + commit 2b27acc3435e73fad7460b551a36b4064cdd58be + * doc/tools.texi: Add documentation for gpgkey2ssh. + +2015-11-04 Neal H. Walfield <neal@g10code.com> + + gpg: Print a better error message for --multifile --sign --encrypt. + + commit 6897bbf1aa9bf0a61b186ea1a9bcb463fb1fd10e + * g10/gpg.c (main): Print a better error message for --multifile + --sign --encrypt. 
+ + gpg: Add --encrypt-to-default-key. + + commit de9b2340153d70b083494d1a277a384dcf43bff0 + * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and + export the function. + * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey. + (opts): Handle oEncryptToDefaultKey. + (main): Likewise. + * g10/options.h (opt): Add field encrypt_to_default_key. + + gpg: Allow multiple --default-key options. Take the last available key. + + commit e16d7168c54e5f7bc2f0037806ee4f730930eaf0 + * g10/getkey.c (parse_def_secret_key): New function. + (get_seckey_default): Add parameter ctrl. Update callers. Use + parse_def_secret_key to get the default secret key, if any. + (getkey_byname): Likewise. + (enum_secret_keys): Likewise. + * g10/options.h (opt): Change def_secret_key's type from a char * to a + strlist_t. + * g10/gpg.c (main): When processing --default-key, add the key to + OPT.DEF_SECRET_KEY. + * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. + * g10/mainproc.c (proc_pubkey_enc): Likewise. + (do_proc_packets): Likewise. + * g10/pkclist.c (default_recipient): Likewise. + * g10/pubkey-enc.c (get_session_key): Likewise. + * g10/sign.c (clearsign_file): Likewise. + (sign_symencrypt_file): Likewise. + * g10/skclist.c (build_sk_list): Likewise. + * g10/test-stubs.c (get_session_key): Likewise. + +2015-11-04 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix error handling with libusb-compat library. + + commit 1e94a672efb8bf66f416bc63bf6670e509a21fe5 + * scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE. + + scd: fix change_keyattr. + + commit c5a9fedba66361ddd9f596528882750068543298 + * scd/app-openpgp.c (change_keyattr_from_string): Fix parsing. + +2015-11-03 Werner Koch <wk@gnupg.org> + + gpg: Change out of core error message. + + commit 44ad9f29d43f40bbc1840454880f4af3df1c5295 + * g10/tofu.c (fingerprint_str): Die with the error code returned by + the failed function. + (time_ago_str): Ditto. Do not make a comma translatable. 
+ (fingerprint_format): Use "%zu" for a size_t. + + gpg: Make translation easier. + + commit 62b8cd5495dcac9a0f8a3d88c7bd4cd80997fd3f + * g10/import.c (import_secret_one): Split info string for easier + translation. + +2015-11-03 Neal H. Walfield <neal@g10code.com> + + gpg: Also show when the most recently signed message was observed. + + commit 621afac37e5555fd68054531e611ead444b62928 + * g10/tofu.c (show_statistics): Also show when the most recently + signed message was observed. + + gpg: Split a utility function out of a large function. + + commit 36326112290b6eef47c9dada30dddbdf408680e4 + * g10/tofu.c (show_statistics): Break the time delta to string code + into... + (time_ago_str): ... this new function. + + gpg: Fix message formatting. + + commit c8ef9f9a64d13ea8b9b4ade62525243abe2976ba + * g10/tofu.c (get_trust): Fix message formatting. + + gpg: Don't store formatting fingerprints in the TOFU DB. + + commit 8ae3946d28c43e30ef692ba6cf1a7fa4ed65ecc5 + * g10/tofu.c (fingerprint_pp): Split this function into... + (fingerprint_str): ... this function... + (fingerprint_format): ... and this function. + (record_binding): Store the unformatted fingerprint in the DB. Only + use the formatting fingerprint when displaying a message to the user. + (get_trust): Likewise. + (show_statistics): Likewise. + (tofu_register): Likewise. + (tofu_get_validity): Likewise. + (tofu_set_policy): Likewise. + (tofu_get_policy): Likewise. + +2015-11-02 NIIBE Yutaka <gniibe@fsij.org> + + g10: notify a user when importing stub is skipped. + + commit 06f3eadb22986d9ebde9efff2794eb1d45d6c6d4 + * g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED + when stub_key_skipped. + (import_secret_one): Notify a user, suggesting --card-status. + +2015-10-31 Neal H. Walfield <neal@g10code.com> + + gpg: Consider newlines to be whitespace in an SQL statement. 
+ + commit 18cd09246f5dcddcafb8662afd84fa046e36de3f + * g10/sqlite.c (sqlite3_stepx): When making sure that there is no + second SQL statement, ignore newlines. + +2015-10-30 Werner Koch <wk@gnupg.org> + + common: Improve t-zb32 to be used for manual encoding. + + commit d89a9fca46d9bba497dde0793b57217c800b0e8d + * common/t-support.h (no_exit_on_fail, errcount): New. + (fail): Bump errcount. + * common/t-zb32.c (main): Add options to allow manual use. + + common: Add separate header for zb32.c. + + commit 5aadb4b62d26e1bfb40a1ce444a81c2a5a56159c + * common/util.h (zb32_encode): Move prototype to ... + * common/zb32.h: new. Include this for all callers of zb32_encode. + +2015-10-29 Neal H. Walfield <neal@g10code.com> + + gpg: Display the correct error message. + + commit 641df615da4937b0073c420a0503c5810c237972 + * g10/trustdb.c (validate_keys): If tdbio_update_version_record fails, + RC does not contain the error code. Save the error code in rc2 and + use that. + + gpg: Eliminate a memory leak. + + commit d68bdc553a206e54234d5d53ad35c4ba34133118 + * g10/trustdb.c (validate_key_list): Don't leak the keyblocks on + failure. + + gpg: Remove unused prototype. + + commit ef052591ba51ee16bafc3c5b79d837ed8f01b520 + g10/keyring.h (keyring_locate_writable): Remove unused prototype. + + gpg: Eliminate a memory leak. + + commit 89eee5f6b7ca3da7ebdcc3e5d069701d0834b39e + * g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT. + + gpg: Fix keyring support. + + commit 99c84b49b787dab8da26cf61eed24dd4a2b77fd9 + * g10/keydb.c (keydb_rebuild_caches): Only mark the cached as prepared + if it is actually prepared, which it only is if the resource is a + keybox. + + gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback. + + commit 421827424fe87855307fe3e803b42ffa02738600 + * g10/sqlite.h (enum sqlite_arg_type): Add SQLITE_ARG_BLOB. + (sqlite3_stepx_callback): New declaration. 
+ (sqlite3_stepx): Change the callback's type to sqlite3_stepx_callback, + which passes an additional parameter, the sqlite3_stmt *. Update + users. + + gpg: Move sqlite helper functions into their own file. + + commit 351f4213e192aa11500c0c590d11183edbe326c5 + * g10/tofu.c (sqlite3_exec_printf): Move from here... + * g10/sqlite.c (sqlite3_exec_printf): ... to this new file. Don't + mark as static. + * g10/tofu.c (sqlite3_stepx): Move from here... + * g10/sqlite.c (sqlite3_stepx): ... to this new file. Don't + mark as static. + * g10/tofu.c (enum sqlite_arg_type): Move from here... + * g10/sqlite.h (enum sqlite_arg_type): ... to this new file. + +2015-10-29 NIIBE Yutaka <gniibe@fsij.org> + + doc: Don't install gpg-zip.1. + + commit d25e29ad9374da1c11ccfc38f392dbab2d707042 + * doc/Makefile.am (myman_pages): Remove gpg-zip.1. + (DISTCLEANFILES): Add gpg-zip.1. + +2015-10-28 Werner Koch <wk@gnupg.org> + + sm: Allow combination of usage flags --gen-key. + + commit 8b6c83dcb086ef09b2676e4d5b0111c88b7b8bf8 + * sm/certreqgen.c (create_request): Re-implement building of the + key-usage extension. + +2015-10-28 Damien Goutte-Gattat <dgouttegattat@incenp.org> + + doc: Document some changed default options. + + commit e095a3fcf2ccc6cc4e258111dc395558069a1164 + * doc/gpg.texi: Update the description of some options which are + now enabled by default. + +2015-10-28 Werner Koch <wk@gnupg.org> + + dirmngr: Fix NULL-deref while loading a CRL. + + commit fa15a71daff8414bf4112bc2826dc495ff2fb01f + * dirmngr/crlcache.c (crl_parse_insert): Set error before leaping to + failure. + + dirmngr: Minor cleanup of the SRV RR code. + + commit 949a5cfdabcafab93c1ac092c0459b59318805b9 + * dirmngr/dns-stuff.c: Include unistd.h. + (getsrv): Run srand only once. + * dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv + and change output format. + + dirmngr: Add a getaddrinfo wrapper backend using ADNS. 
+ + commit e026efb4363bc6e3c41ed533daf06f103ebd2e32 + * dirmngr/dns-stuff.c: Replace all use of default_errsource. + (my_adns_init): Move to top. + (resolve_name_adns): New. + (resolve_dns_name) [USE_ADNS]: Divert to new func. + +2015-10-26 Werner Koch <wk@gnupg.org> + + gpg: Do not call an extra get_validity if no-show-uid-validity is used. + + commit a6c2c098435a703ca02abf651ff4fa45e5a4db9a + * g10/mainproc.c (check_sig_and_print): Do not call the informational + get_validity if we are not going to use it. + +2015-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: Ensure all weak digest rejection notices are shown. + + commit 91015d021b3dcbe21ad0e580a4f34c523abf9e72 + * g10/main.h: Add rejection_shown flag to each weakhash struct + * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not + treat MD5 separately; (print_digest_rejected_note): Use + weakhash.rejection_shown instead of static shown. + * g10/options.h (opt): Change from additional_weak_digests to + weak_digests. + * g10/sig-check.c: Do not treat MD5 separately. + * g10/gpg.c (main): Explicitly set MD5 as weak. + * g10/gpgv.c (main): Explicitly set MD5 as weak. + +2015-10-26 Werner Koch <wk@gnupg.org> + + w32: Make it build again if Tofu support is not available. + + commit 0d37a40fc34519e93af3ceffff2cd726d29576d3 + * g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu + functions. + + dirmngr: Support Tor hidden services. + + commit 4524a2a3714f263d56bb7db349c169b456994fd9 + * dirmngr/dns-stuff.c (is_onion_address): New. + * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion". + (map_host): Special case onion addresses. + (ks_hkp_print_hosttable): Print an 'O' for an onion address. + * dirmngr/http.c (connect_server): Special case onion addresses. + + dirmngr,w32: Remove gethostbyname hack and make it build again. + + commit 7735bbe539af35ce16e270946d5ae798c5989d6e + * dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack; + we require getaddrinfo anyway. 
+ * dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined. + (map_eai_to_gpg_error) [W32]: Take care of unsupported codes. + +2015-10-26 Neal H. Walfield <neal@g10code.com> + + gpg: Make sure we only have a single SQL statement. + + commit c18fb0d99b633bb267dead6e7c46229f4b780bc3 + * g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL + statement. + + gpg: When the TOFU DB is in batch mode, periodically drop the locks. + + commit 5b0ed7674dc718ee98e0c80aa93ce014f2b51411 + * g10/tofu.c: Include <sched.h>. + (batch_update_started): New variable. + (begin_transaction): If we've been in batch mode for a while, then + commit any extant batch transactions. + (tofu_begin_batch_update): If we are not in batch mode, initialize + batch_update_started. + +2015-10-25 Werner Koch <wk@gnupg.org> + + dirmngr: Add workaround for broken getaddrinfo. + + commit 5e7ac031f513ad3b60e4f092fa72b3bec0676515 + * dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by + first resolving the CNAME. + (get_dns_cname): New. + + * dirmngr/t-dns-stuff.c (main): Add option --cname. + + dirmngr: Better handle systems without IPv6 or IPv4. + + commit 0e3c9f184a5fb3e41277700d690febc2eee9600a + * dirmngr/dns-stuff.c (resolve_name_standard): Use AI_ADDRCONFIG. + + dirmngr: Replace use of getnameinfo by resolve_dns_addr. + + commit 927f34603d942868af6a7bd0f347681bbad76a94 + * dirmngr/ks-engine-hkp.c (my_getnameinfo): Remove. + (map_host): Use resolve_dns_addr. + + dirmngr: Implement a getnameinfo wrapper. + + commit 816505958ac4308ee0dfe787d1b706982428b6cc + * dirmngr/dns-stuff.h (DNS_NUMERICHOST): New. + (DNS_WITHBRACKET): New. + * dirmngr/dns-stuff.c (resolve_name_standard): Factor code out to... + (map_eai_to_gpg_error): new. + (resolve_addr_standard): New. + (resolve_dns_addr): New. + + * dirmngr/ks-engine-hkp.c (is_ip_address): Move to ... + * dirmngr/dns-stuff.c (is_ip_address): here. Add support for non + bracketed v6 addresses. 
+ + * dirmngr/t-dns-stuff.c: Remove header netdb.h. + (main): Add option --bracket. Use resolve_dns_name instead of + getnameinfo. + +2015-10-23 Neal H. Walfield <neal@g10code.com> + + gpg: Provide an interface to patch TOFU updates. + + commit 7f65e84ac035e8f7a25639a6b09eb6000115e337 + * g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch. + Rename end_transaction to savepoint_batch_commit. Update users. + Remove field rollback. Add fields savepoint_inner and + savepoint_inner_commit. Add field batch_update. + (dump_cache): New function. + (batch_update): New variable. + (begin_transaction). New function. + (end_transaction): New function. + (rollback_transaction): New function. + (tofu_begin_batch_update): New function. + (tofu_end_batch_update): New function. + (closedb): End any pending batch transaction. + (closedbs): Assert that none of the DBs have a started batch + transaction if we not in batch mode. + (record_binding): Use the begin_transaction, end_transaction and + rollback_transaction functions instead of including the SQL inline. + Also start a batch mode transaction if we are using the flat format. + (tofu_register): Use the begin_transaction, end_transaction and + rollback_transaction functions instead of including the SQL inline. + * g10/gpgv.c (tofu_begin_batch_update): New function. + (tofu_end_batch_update): New function. + * g10/test-stubs.c (tofu_begin_batch_update): New function. + (tofu_end_batch_update): New function. + + gpg: Cache prepared SQL queries and open DB connections. + + commit 297cf8660ce346638e42934d84d746768f8bb10a + * g10/tofu.c: Include <stdarg.h>. + (prepares_saved) [DEBUG_TOFU_CACHE]: New variable. + (queries) [DEBUG_TOFU_CACHE]: New variable. 
+ (struct db): Add fields prevp, begin_transaction, end_transaction, + rollback, record_binding_get_old_policy, record_binding_update, + record_binding_update2, get_policy_select_policy_and_conflict, + get_trust_bindings_with_this_email, get_trust_gather_other_user_ids, + get_trust_gather_other_keys, register_already_seen, and + register_insert. + [DEBUG_TOFU_CACHE]: Add field hits. + (STRINGIFY): New macro. + (STRINGIFY2): New macro. + (enum sqlite_arg_type): New enum. + (sqlite3_stepx): New function. + (combined_db): Remove variable. + (opendb): Don't cache the combined db. + (struct dbs): New struct. Update users to use this as the head of the + local DB list rather than overloading struct db. + (unlink_db): New function. + (link_db): New function. + (db_cache): New variable. + (db_cache_count): New variable. + (DB_CACHE_ENTRIES): Define. + (getdb): If the dbs specific cache doesn't include the DB, look at + DB_CACHE. Only if that also doesn't include the DB open the + corresponding DB. + (closedb): New function. + (opendbs): Don't open the combined DB. Just return an initialized + struct dbs. + (closedbs): Don't close the dbs specific dbs. Attach them to the + front of DB_CACHE. If DB_CACHE contains more than DB_CACHE_ENTRIES, + close enough dbs from the end of the DB_CACHE list such that DB_CACHE + only contains DB_CACHE_ENTRIES. Don't directly close the dbs, instead + use the new closedb function. + [DEBUG_TOFU_CACHE]: Print out some statistics. + (record_binding): Use sqlite3_stepx instead of sqlite3_exec or + sqlite3_exec_printf. + (get_policy): Likewise. + (get_trust): Likewise. + (tofu_register): Likewise. + + gpg: Return the DBs meta-handle rather than the sqlite3 handle. + + commit cd879d4bd69a578be5a1ff96497f8c1181885563 + * g10/tofu.c (getdb): Return a struct db * instead of an sqlite *. + Update users. + + gpg: Use the proper type. + + commit 3c4c89cc35280164b509977c5288b0a06d6f530e + * g10/options.h: Include "tofu.h". 
+ (opt.tofu_default_policy): Change type to enum tofu_policy. + * g10/gpgv.c (enum tofu_policy): Don't redeclare. + * g10/test-stubs.c (enum tofu_policy): Likewise. + +2015-10-22 Werner Koch <wk@gnupg.org> + + dirmngr: Implement Tor mode for SRV RRs. + + commit 8b06d7f41aec6cb993445935dba7c60e033d026a + * dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to... + (my_adns_init): new. + (getsrv)[USE_ADNS]: Use my_adns_init. + (getsrv)[!USE_ADNS]: Return an error if Tor mode is active. + + * dirmngr/t-dns-stuff.c: Add option --use-tor. + + dirmngr: Do not use MAXDNAME. + + commit e03a4a94bb67d4a6c958b37671f83456e203f325 + * dirmngr/dns-stuff.c (getsrv): Replace MAXDNAME. + * dirmngr/dns-stuff.h (MAXDNAME): Remove. + (struct srventry): Use a fixed value instead of MAXDNAME. + * dirmngr/http.c (connect_server): Use DIMof instead of MAXDNAME. + Malloc a helper array. + + Move SRV RR code from common/ to dirmngr/. + + commit 41bb01ae792af78edd28bf1b735cacc0b3ac428a + * common/srv.c: Merge into dirmngr/dns-stuff.c. Delete file. + * common/srv.h: Merge into dirmngr/dns-stuff.h. Delete file. + * common/Makefile.am (common_sources): Remove srv.c and srv.h. + * g10/keyserver.c: Do not include srv.h. The code using it is anyway + disabled. + * dirmngr/http.c: Remove header srv.h and stubs. + * dirmngr/t-dns-stuff.c: Add option --srv. + +2015-10-21 Werner Koch <wk@gnupg.org> + + dirmngr: Use the new DNS wrapper for the HTTP module. + + commit 1e34007c972c1d7730cfcacd88f6bbebba7dec1d + * dirmngr/t-http.c (main): Init assuan sockets. + * dirmngr/http.c: Include dns-stuff.h. + (connect_server)[!HAVE_GETADDRINFO]: Remove all code. + (connect_server): Change to use resolve_dns_name. + + dirmngr: Allow use of http.c if USE_NPTH is not defined. + + commit b6af3377e14fad35b9c6041b11888cabce6e8a56 + * dirmngr/http.c (send_request): Always set the gnutls pull/push + functions. + (my_npth_read): Rename to ... + (my_gnutls_read) .. this. Use system read if !USE_NPTH. 
+ (my_npth_write): Rename to ... + (my_gnutls_write) .. this. Use system write if !USE_NPTH. + + dirmngr: Check that getaddrinfo is available. + + commit 6fafda979df8e7e117f8e6929bcce89513a6e746 + * dirmngr/Makefile.am (t_http_SOURCES): Add dns-stuff.c. + (t_ldap_parse_uri_SOURCES): Ditto. + * dirmngr/dns-stuff.c: Bail out if neither ADNS nor getaddrinfo is + available. + + dirmngr: Use the new DNS wrapper for the HKP engine. + + commit afbe87fa2d259b665b2d67a038a8535cfcfee094 + * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to + dns_addrinfo_t. + (map_host): Replace getaddrinfo by resolve_dns_name. + + dirmngr: Implement a getaddrinfo wrapper. + + commit 8bccbf477878fd99baa96e11db9db99aaf1e8d91 + * dirmngr/dns-stuff.h: Include some header files. + (dns_addinfo_t, dns_addrinfo_s): New. + * dirmngr/dns-stuff.c: Always include DNS related headers. + (free_dns_addrinfo): New. + (resolve_name_standard): New. + (resolve_dns_name): New. + + * dirmngr/t-dns-stuff.c: Include netdb.h. + (main): Keep old default mode with no args but else print outout of + resolve_dns_name. Revamp option parser. + + common: Add more replacement error codes. + + commit ffe60eb3d2b8f7d6c506804ce4645d695c91f237 + * common/util.h (GPG_ERR_SERVER_FAILED): New. + (GPG_ERR_NO_KEY): New. + (GPG_ERR_NO_NAME): New. + +2015-10-21 Neal H. Walfield <neal@g10code.com> + + gpg: If the saved trust model is unknown, default to tofu+pgp. + + commit 9afeb4cca10c3632495fe71b23df99a4878bd3a5 + * g10/trustdb.c (init_trustdb): If the saved trust model is unknown, + default to tofu+pgp instead of pgp. + + gpg: Don't accidentally free UTK_LIST. + + commit 8c3b7915d675ca5346c17244654d5c6ab583ac44 + * g10/trustdb.c (validate_keys): Don't free UTK_LIST. + + gpg: When evaluating trust reg exps, treat tofu+pgp like pgp. 
+ + commit cbaca254ac818c49c18d4480d3c7bd246cc57ae8 + * g10/trustdb.c (validate_one_keyblock): When checking trust regular + expressions, treat the tofu+pgp trust model the same as the pgp trust + model. + + gpg: If a key is ultimate trusted, return that in the tofu model. + + commit df57390d68482c5b3fa5ff3a42a29ae1b6cbb23c + * g10/tofu.c (get_trust): If the policy is auto or none, check if the + key is ultimately trusted. If so, return that. + (tofu_register): If the key is ultimately trusted, don't show any + statistics. + (tofu_get_validity): Likewise. + + gpg: Keep the trust DB up to date for the tofu and tofu+pgp models. + + commit d05ff81732e20e6f9d6d7a6281a96a312b001abb + * g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as + possibly saved trust models. Also register the ultimately trusted + keys if the trust model is tofu or tofu+pgp. + (check_trustdb): Don't skip if the trust model is tofu or tofu+pgp. + (update_trustdb): Likewise. + (tdb_check_trustdb_stale): Likewise. + (validate_keys): If the trust model is TOFU, just write out the + ultimately trusted keys. + + gpg: Factor out code into a standalone function. + + commit 243f90afba87e99ca42e2451ac5cc59d00a044ac + * g10/trustdb.c (tdb_keyid_is_utk): New function. + (add_utk): Use it. + + dirmngr: Allow building with libassuan < 2.3. + + commit a79045e38d239a7f6e787cf7c1132772c737cc0e + * dirmngr/http.c (send_request): Use newer assuan function only if + available. + +2015-10-21 Neal H. Walfield <neal@g10code.com> + Andre Heinecke <aheinecke@intevation.de> + + gpg: Make the tofu DB check and initialization atomic. + + commit 85bd7d9491f8cc13c2b03f19b4f70ea13b45c704 + * g10/tofu.c (initdb): Make the version check and the database + initialization atomic. + +2015-10-21 Werner Koch <wk@gnupg.org> + + build: Make --disable-g13 the default. + + commit 485e0a221deb5c68f29b6a7a110b349dbe41c027 + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-g13. 
Remove + --enable-gpgtar because that is enabled anyway. + * configure.ac: Do not build g13 by default. + + dirmngr: Rename file dns-cert.c. + + commit 5055b617a94587580bc16a56bb82333077b05693 + * dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c. + * dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change + includers. + * dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c. + * dirmngr/Makefile.am: Adjust. + + common: Add status code for use by g13. + + commit 42571a38344e39f747315f754700a8181b8744fe + * common/status.h (STATUS_PLAINTEXT_FOLLOWS): New. + +2015-10-20 Werner Koch <wk@gnupg.org> + + dirmngr: Prefer ADNS over system resolver. + + commit 58ebe50bdf4837e9ab2d3f8c6e5fcf28c66f26e9 + * configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define. + (USE_DNS_CERT): Prefer ADNS over the system resolver. + * dirmngr/dns-cert.c (tor_mode): New global var. + (enable_dns_tormode): New func. + (get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode. + * dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests. + + w32: Allow building again. + + commit c83b627174f46e841f1ccc018322fe499969c267 + * dirmngr/http.c (connect_server): Fix called function name. + + build: Allow building without SQLlite support. + + commit 734c61dc9d4915605816803182c9adcc1594e008 + * configure.ac: Add option --dsiable-tofu and --disable-sqlite. + (NEED_SQLITE_VERSION): New var. + (USE_TOFU): New ac_define and am_conditional. + * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that + pkg-config find the correct .pc file. + + * g10/Makefile.am (tofu_source): New. Build only if enabled. + * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models. + (parse_tofu_policy)[!USE_TOFU]: Disable all. + (parse_tofu_db_format)[!USE_TOFU]: Disable all. + (main) <aTOFUPolicy>[!USE_TOFU]: Skip. + * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not + call tofu functions. + * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto. 
+ * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu + processing. + +2015-10-20 Neal H. Walfield <neal@g10code.com> + + gpg: Don't die immediately if the TOFU DB is locked. + + commit 26d457c218c2e93b2e2cf316f0c1074c70894d0f + * g10/tofu.c (opendb): Don't die immediately if the DB is locked. + + gpg: Improve output. + + commit bc9ff6c85e2d89be4ee873b8a72a214759a66157 + * g10/tofu.c (get_trust): Also show the binding when indicating a + conflict occurred. + + gpg: Synchronize translation template. + + commit 251c070f91e2c65baa3f1195f14a176440a8aafa + * g10/tofu.c (show_statistics): Synchronize translation template. + + gpg: When showing conflicts, also show bindings with no recorded sigs. + + commit d3eca517745a862432fcfeaa729e5333b15ffa6a + * g10/tofu.c (signature_stats_collect_cb): If the time_ago column is + NULL, then both time_ago and count should be 0. + (get_trust): Reverse the direction of the join so that we also get + statistics about bindings without any signatures. + + gpg: Improve text. + + commit 445f94bc81b20959a667a4ad80ea6c73059540bf + * g10/tofu.c (show_statistics): Improve text. + + gpg: Use the right variable to display the information. + + commit 4957e3236796979b58f35628351505ea5f4e936a + * g10/tofu.c (get_trust): Use the right variable to display the + conflicting key. + + gpg: Make failing to create a directory a soft error. + + commit eb8a0b051faa03584b3820200e10301936e82f51 + * g10/tofu.c (getdb): Don't exit if we can't create the directory. + Just return an error. + + common: Make sure tilde expansion works for the mkdir functions. + + commit c3bb9fccb7963a0918b9ec6a4f10d568fac7c125 + * common/mkdir_p.c (gnupg_amkdir_p): Use make_filename_try on the + first directory component as well. + + gpg: Remove unused prototype digest_algo_from_sig. + + commit d1a0b520b15bb941cdbf66c2e832c617af778ac8 + * g10/packet.h (digest_algo_from_sig): Remove prototype without a + corresponding implementation. 
+ +2015-10-19 Werner Koch <wk@gnupg.org> + + dirmngr: Allow building with libassuan < 2.3. + + commit 4e42ad300b3de9fab25095a9e82431b1ea2740e7 + * dirmngr/dirmngr.c (set_tor_mode): Use newer assuan function only if + available. + * dirmngr/http.c (http_raw_connect): Ditto. + +2015-10-19 Neal H. Walfield <neal@g10code.com> + + gpg: Fix --desig-revoke. + + commit c37621166e9cc2a818de73bc99287a393dbb5744 + * g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl. + Check that the secret key is available. If not, display an error + message. + + gpg: Improve function documentation and some comments. + + commit a608ee750dd83bf77a5fb4f0ab5bcf812436ba4d + * g10/main.h: Improve function documentation. + * g10/packet.h.h: Improve function documentation. + * g10/sig-check.c: Improve function documentation and some comments. + + gpg: Improve and regularize naming of signature checking functions. + + commit 0433e667029508d6933e8798d3d95bcdde70a7aa + * g10/packet.h (signature_check): Rename from this... + (check_signature): ... to this. Update users. + (signature_check2): Rename from this... + (check_signature2): ... to this. Update users. + * g10/sig-check.c (do_check): Rename from this... + (check_signature_end): ... to this. Update users. + (do_check_messages): Rename from this... + (check_signature_metadata_validity): ... to this. Update users. + + gpg: Mark local function as static. + + commit 547a1b3fb881bb8581d03dbf4eacf49163eaa4b5 + * g10/tdbio.c (put_record_into_cache): Mark as static. + +2015-10-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: Print warning when rejecting weak digests. + + commit b98939812abf6c643c752ce7c325f98039a1a9e2 + * g10/misc.c (print_md5_rejected_note): Rename to .. + (print_digest_rejected_note): this. Parameterize function to take an + enum gcry_md_algos. + * g10/sig-check.c: Use print_digest_rejected_note() when rejecting + signatures. + + gpg: Add option --weak-digest to gpg and gpgv. 
+ + commit 76afaed65e3b0ddfa4923cb577ada43217dd4b18 + * g10/options.h: Add additional_weak_digests linked list to opts. + * g10/main.h: Declare weakhash linked list struct and + additional_weak_digest() function to insert newly-declared weak + digests into opts. + * g10/misc.c: (additional_weak_digest): New function. + (print_digest_algo_note): Check for deprecated digests; use proper + gcry_md_algos type. + * g10/sig-check.c: (do_check): Reject weak digests in addition to MD5. + * g10/gpg.c: Add --weak-digest option to gpg. + * doc/gpg.texi: Document gpg --weak-digest option. + * g10/gpgv.c: Add --weak-digest option to gpgv. + * doc/gpgv.texi: Document gpgv --weak-digest option. + +2015-10-19 Werner Koch <wk@gnupg.org> + + dirmngr: Make --use-tor work - still leaks DNS. + + commit 6983fd131f648ba4acd57b266de9868911874d14 + * dirmngr/dirmngr.c (set_tor_mode): New. + (main, reread_configuration): Call it. + * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR + mode is enabled if the FORCE_TOR flag is given. + + dirmngr: Use Assuan socket wrappers for http.c. + + commit 8c609eaf35b547f02979ef0b206520dd0853b294 + * dirmngr/http.c: Include assuan.h. Changed all code taking a socket + descriptor from int to assuan_fd_t. + (my_unprotect, my_protect): New. + (my_connect): Remove. + (_my_socket_new, _my_socket_unref): use assuan_sock_close. + (connect_server): Use assuan_sock_connect, assuan_sock_new, and + assuan_sock_close. + * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. + +2015-10-19 Neal H. Walfield <neal@g10code.com> + + gpg: Fix formatting. + + commit 253afa244487dd8129816615ac2865c9fe812aaf + * g10/tofu.c (get_trust): Fix formatting. + + gpg: Don't forget to free some memory. + + commit e56a116f9a1171ccf8b3293887a217953a46fc20 + * g10/tofu.c (tofu_register): Free SIG_DIGEST before returning. + + gpg: If a conflict occurs in batch mode, record that. 
+ + commit 55d88454652543c98d74376977d855e394df6c92 + * g10/tofu.c (get_trust): If a conflict occurs when MAY_ASK is false, + set conflict to the key. When prompting the user, don't show the + conflicting key if the conflicting key is the current key. + +2015-10-18 Werner Koch <wk@gnupg.org> + + gpg: Silence two more warnings. + + commit c2c400714854d5a127a6966200d345d0d6cfc7d4 + * g10/trustdb.c (tdb_get_validity_core): Silence a warning. + * g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top + so that it is not uninitialized in case of an early error. + + gpg: Fix harmless compiler warnings. + + commit 558bcd43ae0a841cf1e58e06f5d72a19d5bc70cd + * g10/tofu.h (_tofu_GET_POLICY_ERROR): New. This avoids warnings + about undefined enum values in a switch. + * g10/trustdb.h (_tofu_GET_TRUST_ERROR): New. + * g10/tofu.c (TIME_AGO_FUTURE_IGNORE): Move to the top. + (opendbs): Avoid compiler warning (use braces). + (GET_POLICY_ERROR): Replace define by enum _tofu_GET_POLICY_ERROR. + (get_policy): Remove assert. + (GET_TRUST_ERROR): Replace by _tofu_GET_TRUST_ERROR macro. + (show_statistics): Undef MIN_SECS et al. after use. + + common: Avoid warning about const char ** assignment. + + commit e64c805b0c270d859ddf2c35d573110cf25e8d48 + * common/mkdir_p.c (gnupg_amkdir_p): Also strdup first item. Return + an error on malloc failure. + (gnupg_mkdir_p): Fix type of dirs and tmp_dirs. + + Move http module from common/ to dirmngr/. + + commit 5aa1b392b1bf6fcf4cd380862c5affac39a4f34d + * common/http.c: Move to ../dirmngr/. + * common/http.h: Move to ../dirmngr/. + * common/t-http.c: Move to ../dirmngr/. + * common/tls-ca.pem: Move to ../dirmngr/. + * common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a. + Remove http.c related stuff. + * po/POTFILES.in: Move http.c to dirmngr/. + * dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem. + (module_maint_tests): New. + (noinst_PROGRAMS): Add module_maint_tests. + (dirmngr_SOURCES): Add http.c and http.h. 
+ (dirmngr_LDADD): Remove libcommontlsnpth. + (t_common_ldadd): Ditto. + (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. + (t_ldap_parse_uri_SOURCES): Add http.c. + (t_ldap_parse_uri_CFLAGS): Build without npth. + ($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a. + * dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h. + +2015-10-18 Neal H. Walfield <neal@g10code.com> + + g10: Fix assert. + + commit 128a456e775edf393d47e40bb9ae8b62434e2978 + * g10/tofu.c (get_trust): Fix assert. + + g10: Add TOFU support. + + commit f77913e0ff7be4cd9c6337a70ac715e6f4a43572 + * configure.ac: Check for sqlite3. + (SQLITE3_CFLAGS): AC_SUBST it. + (SQLITE3_LIBS): Likewise. + * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). + (gpg2_SOURCES): Add tofu.h and tofu.c. + (gpg2_LDADD): Add $(SQLITE3_LIBS). + * g10/tofu.c: New file. + * g10/tofu.h: New file. + * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. + (tofu_db_format): Define. + * g10/packet.h (PKT_signature): Add fields digest and digest_len. + * g10/gpg.c: Include "tofu.h". + (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, + oTOFUDBFormat. + (opts): Add them. + (parse_trust_model): Recognize the tofu and tofu+pgp trust models. + (parse_tofu_policy): New function. + (parse_tofu_db_format): New function. + (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. + Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. + * g10/mainproc.c (do_check_sig): If the signature is good, copy the + hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. + * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update + callers. + (tdb_get_validity_core): Add arguments sig and may_ask. Update + callers. + * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them + to tdb_get_validity_core. + * g10/trustdb.c: Include "tofu.h". + (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. + (tdb_get_validity_core): Add arguments sig and may_ask. 
If + OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust + level. Combine it with the computed PGP trust level, if appropriate. + * g10/keyedit.c: Include "tofu.h". + (show_key_with_all_names_colon): If the trust mode is tofu or + tofu+pgp, then show the trust policy. + * g10/keylist.c: Include "tofu.h". + (public_key_list): Also show the PGP stats if the trust model is + TM_TOFU_PGP. + (list_keyblock_colon): If the trust mode is tofu or + tofu+pgp, then show the trust policy. + * g10/pkclist.c: Include "tofu.h". + * g10/gpgv.c (get_validity): Add arguments sig and may_ask. + (enum tofu_policy): Define. + (tofu_get_policy): New stub. + (tofu_policy_str): Likewise. + * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. + (enum tofu_policy): Define. + (tofu_get_policy): New stub. + (tofu_policy_str): Likewise. + * doc/DETAILS: Describe the TOFU Policy field. + * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, + --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. + * tests/openpgp/Makefile.am (TESTS): Add tofu.test. + (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, + tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. + (CLEANFILES): Add tofu.db. + (clean-local): Add tofu.d. + * tests/openpgp/tofu.test: New file. + * tests/openpgp/tofu-2183839A-1.txt: New file. + * tests/openpgp/tofu-BC15C85A-1.txt: New file. + * tests/openpgp/tofu-EE37CF96-1.txt: New file. + * tests/openpgp/tofu-keys.asc: New file. + * tests/openpgp/tofu-keys-secret.asc: New file. + +2015-10-16 Neal H. Walfield <neal@g10code.com> + + common: Prefix the mkdir functions with gnupg_. Make args const. + + commit 93e855553eba03f5c31682e0aaf39f18f29860b7 + * common/mkdir_p.h (mkdir_p): Rename from this... + (gnupg_mkdir_p): ... to this. Change directory_component's type from + char * to const char *. + (amkdir_p): Rename from this... + (gnupg_amkdir_p): ... to this. Change directory_component's type from + char * to const char *. 
+ * common/mkdir_p.c (mkdir_p): Rename from this... + (gnupg_mkdir_p): ... to this. Change directory_component's type from + char * to const char *. + (amkdir_p): Rename from this... + (gnupg_amkdir_p): ... to this. Change directory_component's type from + char * to const char *. + +2015-10-14 NIIBE Yutaka <gniibe@fsij.org> + + cleanup: Fix confusion between gpg_error_t and gpg_err_code_t. + + commit 3de5ef759895837fe499cff7fb1fa7798e6d5754 + * dirmngr/crlcache.c (hash_dbfile): Use gpg_error_t for ERR. + * kbx/keybox-update.c (keybox_set_flags): Call + gpg_err_code_from_syserror. + +2015-10-13 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit 0b4ebc398cc8aad3f25f84034cd6b129e55f1368 + + +2015-10-12 Werner Koch <wk@gnupg.org> + + gpg: Try hard to use MDC also for sign+symenc. + + commit 4584125802be11833a5b289e864b45eedc2b45fd + * g10/encrypt.c (use_mdc): Make it a global func. + * g10/sign.c (sign_symencrypt_file): Use that function to decide + whether to use an MDC. + * tests/openpgp/conventional-mdc.test: Add a simple test case. + +2015-10-09 Werner Koch <wk@gnupg.org> + + Release 2.1.9. + + commit 086b8738f71ba26d36287db81f6d78116053ba66 + + +2015-10-09 NIIBE Yutaka <gniibe@fsij.org> + + agent: simplify agent_get_passphrase. + + commit 5a12c45666cd16bc750d7f0e63620c295feb77ea + * agent/call-pinentry.c (agent_get_passphrase): Simplify. + + agent: fix agent_askpin. + + commit 818fa4f71e1056831b35d0f8aff715c0e1d537e6 + * agent/call-pinentry.c (agent_askpin): Fix off-by-one error. + + agent: Fix function return type for check_cb and agent_askpin. + + commit f70f6695368444d8058305ab696e5e5a1bace18c + * agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t. + (start_pinentry, setup_qualitybar): Likewise. + (agent_askpin): Fix return value check of check_cb. + * agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t. + (ssh_identity_register): Fix return value check of agent_askpin. 
+ * agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t. + * agent/findkey.c (try_unprotect_cb): Likewise. + * agent/genkey.c (reenter_compare_cb): Return gpg_error_t. + (agent_ask_new_passphrase): Fix return value check of agent_askpin. + +2015-10-08 Andre Heinecke <aheinecke@intevation.de> + + dirmngr: Default to http protocol for http-proxy. + + commit ea079d283de6bf4ac70d7530fac70938e7c5e8f5 + * common/http.c (send_request): Fix handling for hostname:port string. + +2015-10-08 Werner Koch <wk@gnupg.org> + + common: Allow building of mkdir_p.c for Windows. + + commit 4c298525903f844eee95ecbcdc45f5ac034fa148 + * common/mkdir_p.c: Change license and comment debug statements. + (amkdir_p, mkdir_p): Fail on malloc error and use default_errsource to + build an error code. Change return value to gpg_error_t. + (amkdir_p): Use gnupg_mkdir. + + * common/membuf.c: Include util.h first to avoid redefined macro + warnings. + + gpg: Add option --print-dane-records. + + commit d7b8e76f9930750d669405dee3108c9bc8e87b91 + * g10/options.h (opt): Add field "print_dane_records". + * g10/gpg.c (oPrintDANERecords): new. + (opts): Add --print-dane-records. + (main): Set that option. + * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling. + (do_export_stream): Add EXPORT_DANE_FORMAT handling. + * g10/keylist.c (list_keyblock_pka): Implement DANE record printing. + + * g10/gpgv.c (export_pubkey_buffer): New stub. + * g10/test-stubs.c (export_pubkey_buffer): New stub. + + gpg: Pass CTRL parameter to all key listing functions. + + commit b6d621583fc9cbda6f9376a24f2f4cf11499a4fd + * g10/keylist.c (public_key_list): Add arg CTRL. + (secret_key_list): Ditto. + (list_all, list_one): Ditto. + (locate_one): Ditto. + (list_keyblock_pka): Ditto. + (list_keyblock): Ditto. + (list_keyblock_direct): Ditto. + * g10/keygen.c (proc_parameter_file): Add arg CTRL. + (read_parameter_file): Ditto. + (quick_generate_keypair): Ditto. + (do_generate_keypair): Ditto. 
+ (generate_keypair): Pass arg CTRL. + * g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair. + +2015-10-07 Werner Koch <wk@gnupg.org> + + gpg: Remove unfinished experimental code to export as S-expressions. + + commit a400958323d93036dca9c63135b167012ea64f8b + * g10/options.h (EXPORT_SEXP_FORMAT): Remove. + (EXPORT_DANE_FORMAT): New. + * g10/export.c (parse_export_options): Remove "export-sexp-format". + (export_seckeys): Adjust for removed option. + (export_secsubkeys): Ditto. + (do_export): Prepare for DANE format. + (build_sexp, build_sexp_seckey): Remove. + (do_export_stream): Remove use of removed functions. + +2015-10-06 Werner Koch <wk@gnupg.org> + + gpg: Add new --auto-key-locate mechanism "dane". + + commit 9ac31f91b10059474da1c9580fb99e94278d4c11 + * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE. + * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode". + * g10/options.h (AKL_DANE): New. + * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE. + (parse_auto_key_locate): Ditto. + + dirmngr: Addlow fetching keys using OpenPGP DANE. + + commit 264a81d82737369ee8beef771cf2bd2cd874320a + * dirmngr/server.c (cmd_dns_cert): Add option --dane. + + dirmngr: Improve DNS code to retrieve arbitrary records. + + commit 211b8084ee4391baec35e8c5bd75a9ecbcb889a7 + * dirmngr/dns-cert.c (get_dns_cert): Add hack to retrieve arbitrary + resource records. + * dirmngr/dns-cert.h (DNS_CERTTYPE_RRBASE): New. + (DNS_CERTTYPE_RR61): New. + + dirmngr: Change DNS code to make additions easier. + + commit 6cf80dc77ec5df3722924301ff4be2475966937b + * dirmngr/dns-cert.c (get_dns_cert) [!USE_ADNS]: Change loop to allow + adding more resource types. + + dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly. + + commit 7faf45effcd47d2d04d35090a1e01a1dbb99ec70 + * dirmngr/server.c (cmd_killdirmngr): Set assuan close flag. + (cmd_reloaddirmngr): Use check_owner_permission. + + dirmngr: Do tilde expansion for --hkp-cacert. 
+ + commit 9db6547a00cded92c00c8f8382b1b605be1027d2 + * dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and + check for cert file existance in option --hkp-cacert. + + gpg: Fail decryption for AES etc message w/o MDC. + + commit 625e292108cc0fd9077769587a8c22abe7805e33 + * g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC. + +2015-10-06 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix verification of signature for smartcard. + + commit 4a5bd1720f5a3dbb26f5daeb03725cae29be7e24 + * agent/pksign.c (agent_pksign_do): Use public key smartcard. + + agent: Fix non-allocation for pinentry_loopback. + + commit ce2a84b58833fd308d5fe11756721f39c953280a + * agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will + be allocated by pinentry_loopback. + +2015-10-05 Werner Koch <wk@gnupg.org> + + gpg: Install a dirmngr.conf file. + + commit f3959f14b6c496c726bbca5230becb7b6844a234 + * g10/dirmngr-conf.skel: New. + * g10/Makefile.am (EXTRA_DIST): Add file. + (install-data-local, uninstall-local): Install that file. + * g10/openfile.c (copy_options_file): Add arg "name", return a value, + simplify with xstrconcat, and factor warning message out to: + (try_make_homedir): here. Also install dirmngr.conf. + * g10/options.skel: Remove --keyserver entry. + + gpg: Deprecate the --keyserver option. + + commit ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac + * g10/keyserver.c (keyserver_refresh): Change return type to + gpg_error_t. Use gpg_dirmngr_ks_list to print the name of the + keyserver to use. + (keyserver_search): Do not print the "no keyserver" error + message. The same error is anyway returned from dirmngr. + * g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword". + (ks_status_cb): Handle other status keywords. + (gpg_dirmngr_ks_list): New. + * tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver". + (gc_options_dirmngr): Add "Keyserver" group and "keyserver". + + dirmngr: Add option --keyserver. 
+ + commit a48e6de603c3a312f02b1b5fdb813032eeae9074 + * dirmngr/dirmngr.c (oKeyServer): New. + (opts): Add "keyserver". + (parse_rereadable_options): Parse that options + (main): Add option to the gpgconf list. + * dirmngr/dirmngr.h (opt): Add field "keyserver". + * dirmngr/server.c (ensure_keyserver): New. + (make_keyserver_item): New. Factored out from + (cmd_keyserver): here. Call ensure_keyserver. + (cmd_ks_search): Call ensure_keyserver. + (cmd_ks_get): Ditto. + (cmd_ks_fetch): Ditto. + (cmd_ks_put): Ditto. + + dirmngr: Make clear that --use-tor is not yet ready for use. + + commit 438730323a5d9bbf8dd5cd60d479b6c03f8721d0 + * dirmngr/dirmngr.c (main): Print a warning if --use-tor has been + given. + * tools/gpgconf-comp.c (gc_options_dirmngr): Make --use-tor invisible. + + gpgconf: Change displayed name of Dirmngr to "Key Acquirer". + + commit c6400c1aa82239f1c154ca27596600cae964515d + * tools/gpgconf-comp.c (gc_component): Change printed name. + +2015-10-02 Werner Koch <wk@gnupg.org> + + dirmngr: Fix use-after-free due to a realloc shrinking. + + commit 75c64c2b6d77856b90903cc3b7c6a2f62ff8eb7b + * dirmngr/ks-engine-hkp.c (map_host): Do not use original pointer + after realloc. + + agent: Fix alignment problem with the second passphrase struct. + + commit ddf9dd135acd2b3635bb986f6dfc0e4e446d5fad + * agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for + PI2. Check return value of the malloc function. + * agent/command-ssh.c (ssh_identity_register): Use a separate malloc + for PI2. Wipe PI2. + +2015-10-01 Werner Koch <wk@gnupg.org> + + gpg: Fix a practical hang after use of --faked-system-time. + + commit 2acceba5cc299796c7b5b1851a9baeb75d9f32a1 + * g10/sign.c (update_keysig_packet): Bail out if we would need to long + for a new timestamp. + + gpg: Print more info with "check selfsig". + + commit 2c60663a72f090573c4869e305b098b4b1fb23bd + * g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub + packets. 
+ + gpg: Add debug helper to --edit-keys's check sub-command. + + commit 13a3f65968f4a8205ca664cc46b1a53de4dc489b + * g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and + print an asterisk for the chosen selfsig. + (check_all_keysigs): Add arg "only_selfsig" + (keyedit_menu) <cmdCHECK>: Add optional arg "selfsig". + +2015-10-01 NIIBE Yutaka <gniibe@fsij.org> + + common: Fix strsplit. + + commit a9895a5a72a851c5fcc70f16d5f8f588cc885751 + * common/stringhelp.c (strsplit): Fix arguments order. + +2015-09-30 Neal H. Walfield <neal@g10code.com> + + common: Add mkdir_p. + + commit c8584a1e559bc720412e1a2fc546a54ff4517205 + * common/mkdir_p.c: New file. + * common/mkdir_p.h: New file. + * common/Makefile.am (common_sources): Add mkdir_p.c and mkdir_p.h. + + common: Remove unused files. + + commit 5576146ede40b42bc632fd9697dd429a4d1409cf + * common/xmalloc.c: Remove file. + * common/xmalloc.h: Remove file. + + common: Include <gpg-error.h>. + + commit 270d3f55f9193ebda5e1b642d58daf905019914d + * common/logging.h: Include <gpg-error.h>. + +2015-09-29 Neal H. Walfield <neal@g10code.com> + + g10: Remove unused struct cmp_help_context_s. + + commit 8ab63e4b5018044ecfb0b9910412487066886826 + * g10/sig-check.c (struct cmp_help_context_s) Remove unused struct. + + g10: Avoid an unnecessary copy. + + commit 12443eafa6e19b94a8b554126423e2a5ccc2dd7e + * g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK. + Instead, directly use the provided storage. If none is provided + allocate some. + +2015-09-29 NIIBE Yutaka <gniibe@fsij.org> + + ssh: Fix fingerprint computation for EdDSA key. + + commit 5c067d54d349fdfb3243634789c8841515d2c28f + * common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40. + * common/t-ssh-utils.c (sample_keys): Add a new key. + + agent: RSA signature verification by gpg-agent. + + commit cfbe6ba9cf1414e9aa4977e2bbaecaa43154b2ae + * g10/sign.c (do_sign): Let verify signature by gpg-agent. 
+ * agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA. + +2015-09-28 Werner Koch <wk@gnupg.org> + + common: Provide two new error code replacements. + + commit f1effdc5ecd0cc52a28db7ae28a5c28f33486542 + * common/util.h (GPG_ERR_FALSE, GPG_ERR_TRUE): Rew replcements. + + common: Change calling convention for gnupg_spawn_process. + + commit 83811e3f1f0c615b2b63bafdb49a35a0fc198088 + * common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New. + (GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the + numbers. + * common/exechelp.h (gnupg_spawn_process): Change function to not take + an optional stream for stdin but to return one. + * common/exechelp-posix.c (gnupg_spawn_process): Implement change. + (create_pipe_and_estream): Add args outbound and nonblock. + * common/exechelp-w32.c (gnupg_spawn_process): Implement change. + +2015-09-28 NIIBE Yutaka <gniibe@fsij.org> + + scd: Handle error correctly. + + commit 6bb7206e357acfd7276a8f1334c0f0c9cc6ed100 + * scd/apdu.c (apdu_connect): Initialize variables and check an error + of apdu_get_status_internal. + +2015-09-22 Werner Koch <wk@gnupg.org> + + ssh: Add 256, 384 and 521 bit test keys for the fingerprint. + + commit 12ff806d1b63d08cb43d131065d51353495d9346 + * common/t-ssh-utils.c (sample_keys): Add 3 new keys. + + ssh: Fix fingerprint computation for 384 bit ECDSA keys. + + commit 2167951b275bae51cf669c02547e2e7ea8fbe2ee + * common/ssh-utils.c (get_fingerprint): Fix hashed string. + +2015-09-19 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix importing ECC key. + + commit 1542dc604b9c3e6a6a99750c48f7800e72584a89 + * agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted + parameters are stored as opaque. + (apply_protection): ARRAY members are all normal, non-opaque MPI. + (extract_private_key): Get public key as normal, non-opaque MPI. + Remove support of ECC key with '(flags param)'. + Remove support of "ecdsa" and "ecdh" keys of our experiment. + + scd: Fix KEYTOCARD handling for ECC key. 
+ + commit 708b7eccdef8d274bd5578b9a5fd908e9685c795 + * scd/app-openpgp.c (ecc_writekey): Only public key can be native + format. + +2015-09-19 Neal H. Walfield <neal@g10code.com> + + common: Add new function strlist_length. + + commit 8499c4f84a664bedbdf5a5689cb02420909f1968 + * common/strlist.c (strlist_length): New function. + +2015-09-18 Werner Koch <wk@gnupg.org> + + gpgconf: Change displayed name of Dirmngr to "Network Manager". + + commit 819bba75aaed11ecef2e274add173718358212b9 + * tools/gpgconf-comp.c (gc_component): Change printed name. + + dirmngr: Add option --use-tor as a stub. + + commit c091816b4a90d7eea6f8601ec1522a0a006794e8 + * dirmngr/dirmngr.h (opt): Add field "use_tor". + * dirmngr/dirmngr.c (oUseTor): New. + (opts): Add --use-tor. + (parse_rereadable_options): Set option. + (main): Tell gpgconf about that option. + + * dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and + return an error if LDAP is used in TOR mode. + (ca_cert_fetch): Return an error in TOR mode. + (start_cert_fetch): Ditto. + * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the + http module. + * dirmngr/ks-engine-hkp.c (send_request): Ditto. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + * dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode. + (ks_ldap_search): Ditto. + (ks_ldap_put): Ditto. + * dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the + http module. + + * dirmngr/server.c (option_handler): Add "honor-keyserver-url-used". + (cmd_dns_cert): Return an error in TOR mode. + (cmd_getinfo): Add subcommand "tor" + * tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group. + + gpg: Report a conflict between honor-keyserver-url and TOR. + + commit d5a3142b8f2e5603357182f34f0b081b47eda23c + * g10/call-dirmngr.c (create_context): Send option and print a verbose + error. 
+ + http: Add flag to force use of TOR (part 1) + + commit b4bc1c8b10c7a794fa108678b80f76366a65c47d + * common/http.h (HTTP_FLAG_FORCE_TOR): New. + * common/http.c (http_raw_connect, send_request): Detect flag and + return an error for now. + +2015-09-17 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit f986b23e13eaa2d7705733b4bf6b5210311f181a + + + scd: Fix ccid-driver timeout for OpenPGPcard v2.1. + + commit 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa + * scd/ccid-driver.c (CCID_CMD_TIMEOUT): New. + (ccid_transceive_apdu_level, ccid_transceive): Use. + +2015-09-16 Werner Koch <wk@gnupg.org> + + agent: New option --pinentry-invisible-char. + + commit 93d257c81952cbb08a744a9cea6749639aa32cd7 + * agent/gpg-agent.c (oPinentryInvisibleChar): New. + (opts): Add option. + (parse_rereadable_options): Set option. + * agent/agent.h (opt): Add field pinentry_invisible_char. + * agent/call-pinentry.c (start_pinentry): Pass option to pinentry. + + g13: Move some code to a separate module. + + commit 9e65bbd255c43f0e59f35b0003052234d69042be + * g13/g13-common.c, g13/g13-common.h: New. + * g13/Makefile.am (g13_SOURCES): Add new files. + * g13/g13.c (g13_errors_seen): Move to g13-common.c. + (cmdline_conttype): New. + (main): Use g13_init_signals and g13_install_emergency_cleanup. + (emergency_cleanup, g13_exit): Move to g13-common.c. + * g13/g13.h: Move OPT and some other code to g13-common.h. + + gpg: Fix skip function dummy parameter. + + commit 8eb3a1797a1e7cb59a8342a8aa917756fe67949f + * g10/trustdb.c (search_skipfnc): Fix dummy argument + + gpg: Change last commit to avoid extra translations. + + commit f71ed902def81f9408d9094289d8a97abaa0f609 + * g10/keyedit.c (keyedit_menu): Do not print usage hints in expert + mode. + +2015-09-16 Neal H. Walfield <neal@g10code.com> + + g10: Improve error message. 
+ + commit 172af881a1cfe82dfec1c43102d6c464e67ef230 + * g10/keyedit.c (keyedit_menu): When complaining that a user ID or key + must be selected, indicate what command to use to do this. + + g10: Be more careful when merging self-signed data. + + commit 6845737736d3264d7ee8b7364d908951010084c9 + * g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed + data belonging to the public key when we encounter an attribute packet + or a subkey packet, not just a user id packet. When looking for + self-signed data belonging to a user id packet, stop when we see a + user attribute packet. + + g10: Simplify some complicated boolean expressions. + + commit c31e089129c0102c1710522d71fbe1880e84d68e + * g10/getkey.c (finish_lookup): Simplify logic. + + g10: Also mark revoked and expired keys as unusable. + + commit 77c2ad4a817c129b899708399ed2078a52b452b8 + * g10/getkey.c (skip_unusable): Also mark the key as unusable if it + has been revoked or has expired. + + g10: Release resources when returning an error in get_seckey. + + commit 1b601de06a57c78537a336093d2531d8c58bc0d2 + * g10/getkey.c (get_seckey): If the key doesn't have a secret key, + release *PK. + + g10: Improve documentation and comments for getkey.c. + + commit cab581c486e1987445092b1afdf2cba1f62d017d + * g10/getkey.c: Improve documentation and comments for most + functions. Move documentation for public functions from here... + * g10/keydb.h: ... to here. + + g10: Remove unused function have_any_secret_key. + + commit 7333e704efde6923d4b914b37e9a92c4a5bab156 + * g10/getkey.c (have_any_secret_key): Remove function. + + g10: Bring cache semantics closer to non-cache semantics. + + commit 5e233e12f55be00f5659c63bc32fbdca2ec93136 + * g10/getkey.c (get_pubkey_fast): When reading from the cache, only + consider primary keys. + + g10: Break out of the loop earlier. 
+ + commit 3940f10af7915b080bf4ed25ceb7e20b52e3cd3e + * g10/getkey.c (have_secret_key_with_kid): Once we find the relevent + key or subkey, stop searching. + + g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT + + commit 50affffe93a07643f2610c7a5f3d6f61988855e8 + * g10/getkey.c (lookup): Also don't skip legacy keys if the search + mode is KEYDB_SEARCH_MODE_NEXT. + + g10: Remove unused function get_seckeyblock_byfprint. + + commit efbaa8f891812e13ae9e689299aa2cd51781ccb3 + * g10/keydb.h (get_seckeyblock_byfprint): Remove prototype. + * g10/getkey.c (get_seckeyblock_byfprint): Remove function. + + g10: Remove unused function get_seckey_byfprint. + + commit e2b300801ed7143fa924df5442ec2b61079c0bbb + * g10/keydb.h (get_seckey_byfprint): Remove prototype. + * g10/getkey.c (get_seckey_byfprint): Remove function. + + g10: Simplify get_seckey_byname: it was never called with NAME not NULL. + + commit 80dbf8006ffe52e77930b0a6dca9d8caba8c3fd5 + * g10/keydb.h (get_seckey_byname): Rename from this... + (get_seckey_default): ... to this. Drop the parameter name. Update + users. + * g10/getkey.c (get_seckey_byname): Rename from this... + (get_seckey_default): ... to this. Drop the parameter name. Drop the + code which assumed that NAME is not NULL. + + g10: Eliminate the redundant function get_keyblock_byfprint. + + commit dc69804ab0576fbc87297215d63b37a680d74d4d + * g10/keydb.h (get_keyblock_byfprint): Remove prototype. Replace use + of this function with get_pubkey_byfprint. + * g10/getkey.c (get_pubkey_byname): Remove function. + + g10: Simplify semantics of get_pubkey_byname. + + commit 911fcca36d61afd061e9e6dc0584bb069353db89 + * g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return + the keyblock in R_KEYBLOCK independent of whether PK is set or not. + + g10: Eliminate the redundant function get_pubkey_byname. + + commit b4672e4d48fb1e1e4d17551c4c828763d1dfbb57 + * g10/getkey.c (get_pubkey_byname): Remove function. 
+ (lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint. + + g10: Eliminate the redundant function get_pubkey_end. + + commit 65e58ae6748c280c8633d2ca5f227ebe1220805d + * g10/keydb.h (get_pubkey_end): Remove declaration. Replace use of + function with getkey_end. + * g10/getkey.c (get_pubkey_byname): Remove function. + + g10: Eliminate the redundant function get_pubkey_next. + + commit be6743b2e19241f66148bf89c3442d8e2ebcd63e + * g10/keydb.h (get_pubkey_next): Remove prototype. + * g10/getkey.c (get_pubkey_next): Remove function. + * g10/keylist.c (locate_one): Use getkey_next instead of + get_pubkey_next. + + kbx: Change skipfnc's prototype so that we can provide all information. + + commit 9acbeac23668a1d0dabca27d7825430d76e095c2 + * kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change + third parameter to be the index of the user id packet in the keyblock + rather than the packet itself. Update users. + + g10: Remove unused prototype (get_pubkey_byfpr). + + commit 83e17ab1b4cf4420f2abaf9e1f4017a9473fb281 + * g10/keydb.h (get_pubkey_byfpr): Remove unused prototype. + + g10: Remove unused function (get_pubkey_bynames). + + commit b06f96ba4f57f55194efcd37a0e3a2aa5450b974 + * g10/keydb.h (get_pubkey_bynames): Remove prototype. + * g10/getkey.c (get_pubkey_bynames): Remove function. + + g10: Simplify code. Turn struct getkey_ctx_s.found_key into an argument + + commit d47e84946ee010917cfc3501062721b74afbb771 + * g10/getkey.c (struct getkey_ctx_s): Remove field found_key. + (lookup): Add argument ret_found_key. If not NULL, set it to the + found key. Update callers. + (pk_from_block): Add argument found_key. Use it instead of + CTX->FOUND_KEY. Update callers. + (finish_lookup): Return a KBNODE (the found key) instead of an int. + Don't set CTX->FOUND_KEY. Return the found key instead. + + g10: Remove unused field struct getkey_ctx_s.kbpos. 
+ + commit c110e186e07fb1035dc757d322274f939df1c86d + * g10/getkey.c (struct getkey_ctx_s): Remove field kbpos. + (getkey_end): Don't clear CTX->KBPOS. + + g10: Simplify code: remove field struct getkey_ctx_s.keyblock. + + commit 3798f73c07f33576bd02ba4a3256c626bd80752f + * g10/getkey.c (struct getkey_ctx_s): Remove field keyblock. + (finish_lookup): Add parameter keyblock. Update caller to pass this. + (lookup): Add new local variable keyblock. Use this instead of + ctx->keyblock for referencing the keyblock. + +2015-09-16 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix registering SSH Key of Ed25519. + + commit 7d5999f0964c9412c0e18eb1adefdb729be68cd4 + * agent/command-ssh.c (stream_read_string): Add the prefix of 0x40. + +2015-09-15 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit faee25e670cfeb0d0166d7c59cc6a0b3842ee34d + + +2015-09-10 Werner Koch <wk@gnupg.org> + + Release 2.1.8. + + commit 311816f6cf9d411dba060603e3c5d01c72824645 + + + tests: Silence the 5gb-packet test. + + commit 7a0c3cc760367024305d23e2124ea4cbc7e802df + * tests/openpgp/4gb-packet.test: Send output to /dev/null. + + g10: Fix make distcheck problem. + + commit e92a8ab021672b19e5cd397fa555fcc8a3401e8b + * g10/test.c: Include string.h. + (prepend_srcdir): New. Taken from Libgcrypt. + (test_free): New. + * g10/t-keydb.c (do_test): Malloc the filename. + * g10/Makefile.am (AM_CPPFLAGS): Remove -DSOURCE_DIR + (EXTRA_DIST): Add t-keydb-keyring.kbx. + + g10: Improve portability of the new test driver. + + commit fbf24cd09abcdc3dec21db4114ab2db99ce21e4c + * g10/test.c: Include stdio.h and stdlib.h. + (verbose): New. + (print_results): Rename to exit_tests. + (main): Remove atexit and call exit_tests. Set verbose. + (ASSERT, ABORT): Call exit_tests instead of exit. + +2015-09-09 Werner Koch <wk@gnupg.org> + + dirmngr: Allow sending much larger keyblocks. + + commit 19545e3a2d2990cba6d62f98cdb1f665b38ba4f1 + * dirmngr/server.c (MAX_CERT_LENGTH): Increase to 16k. 
+ (MAX_KEYBLOCK_LENGTH): Increase to 20M. + +2015-09-07 NIIBE Yutaka <gniibe@fsij.org> + + scd: Force key attribute change for writekey. + + commit f10b427d0e2be333776fee2df8150145da36e587 + * scd/app-openpgp.c (change_rsa_keyattr): New. + (change_keyattr_from_string): Use change_rsa_keyattr. + (rsa_writekey): Call change_rsa_keyattr when different size. + (ecc_writekey): Try to change key attribute. + + scd: KEYNO cleanup. + + commit fd689e85423d0d80d725f0315c52d94f0e9766f8 + * scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey) + (change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey) + (compare_fingerprint, check_against_given_fingerprint): KEYNO starts + from 0. + +2015-09-02 Neal H. Walfield <neal@g10code.com> + + g10: Remove unused field req_algo. + + commit bd0c902f1de46eda03a065da41487e7e01ab4c50 + * g10/packet.h (PKT_public_key): Remove unused field req_algo. Remove + users. + * g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo. + Remove users. + + g10: Use a symbolic constant instead of a literal. + + commit 1f03d4cd940fed26fc3ffa1742728d68c55ee5d1 + * g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define. + (new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal. + (release_key_hash_table): Likewise. + (test_key_hash_table): Likewise. + (add_key_hash_table): Likewise. + + g10: Add test for keydb as well as new testing infrastructure. + + commit ee7ec1256b24dc340656c331ef92fc59cad817b6 + * g10/Makefile.am (EXTRA_DIST): Add test.c. + (AM_CPPFLAGS): Add -DSOURCE_DIR="\"$(srcdir)\"". + (module_tests): Add t-keydb. + (t_keydb_SOURCES): New variable. + (t_keydb_LDADD): Likewise. + * g10/t-keydb.c: New file. + * g10/t-keydb-keyring.kbx: New file. + * g10/test-stubs.c: New file. + * g10/test.c: New file. + + g10: Make the keyblock cache per-handle rather than global. + + commit 60bc518645d3acfd4dcb79e61a2be6ce001e93aa + * g10/keydb.c (keyblock_cache): Don't declare this variable. Instead... 
+ (struct keyblock_cache): ... turn its type into this first class + object... + (struct keydb_handle): ... and instantiate it once per database + handle. Update all users. + (keydb_rebuild_caches): Don't invalidate the keyblock cache. + + g10: If iobuf_seek fails when reading from the cache, do a hard read. + + commit f076fa190e09eab5c586650d81e241e0bb85ce25 + * g10/keydb.c (keydb_get_keyblock): If the iobuf_seek fails when + reading from the cache, then simply clear the cache and try reading + from the database. + + iobuf: Reduce verbosity of test. + + commit 219de84df9a8408fffedbb2600f5eb4c441950b6 + * common/t-iobuf.c (main): Reduce verbosity. + + iobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling. + + commit f2d75ac7dc58f5ea59b231be6b83fea939b43ab8 + * common/iobuf.h (enum iobuf_use): Add new member, IOBUF_INPUT_TEMP. + * common/iobuf.c (iobuf_temp_with_content): Create the iobuf as an + IOBUF_INPUT_TEMP, not an IOBUF_INPUT buffer. Assert that LENGTH == + A->D.SIZE. + (iobuf_push_filter2): If A is an IOBUF_INPUT_TEMP, then make the new + filter an IOBUF_INPUT filter and set its buffer size to + IOBUF_BUFFER_SIZE. + (underflow): If A is an IOBUF_INPUT_TEMP, then just return EOF; don't + remove already read data. + (iobuf_seek): If A is an IOBUF_INPUT_TEMP, don't discard the buffered + data. + (iobuf_alloc): Allow USE == IOBUF_INPUT_TEMP. + (pop_filter): Allow USE == IOBUF_INPUT_TEMP. + (iobuf_peek): Allow USE == IOBUF_INPUT_TEMP. + (iobuf_writebyte): Fail if USE == IOBUF_INPUT_TEMP. + (iobuf_write): Fail if USE == IOBUF_INPUT_TEMP. + (iobuf_writestr): Fail if USE == IOBUF_INPUT_TEMP. + (iobuf_flush_temp): Fail if USE == IOBUF_INPUT_TEMP. + + iobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP. + + commit 5ff5e72b9c275fbd978136b1028bbf251af26e57 + * common/iobuf.h (enum iobuf_use): Rename IOBUF_TEMP to + IOBUF_OUTPUT_TEMP. Update users. + + iobuf: Use a first-class enum. 
+ + commit 24259d856b6cbdd679035512a8fb7c042de8f02e + * common/iobuf.h (enum iobuf_use): Name the IOBUF_OUTPUT, etc. enum. + (struct iobuf_struct): Change the field use's type to it. + + iobuf: Fix test. + + commit 8522cdc2264804d0677b7c0a447a0b45cf4195e3 + * common/t-iobuf.c (content_filter): If there is nothing to read, + don't forget to set *LEN to 0. + (main): Fix checks. + +2015-09-01 Werner Koch <wk@gnupg.org> + + agent: Protect commit 135b1e3 against misbehaving Libgcrypt. + + commit 9ba4ccdaf5e128fbea51ff142c63d4b359c7264d + * agent/command-ssh.c (ssh_key_to_blob): Check DATALEN. + + gpg: Remove option --no-sig-create-check. + + commit f9c83d84e7d33df76898975f5ac852efa9c4882a + * g10/gpg.c (opts): Remove --no-sig-create-check. + * g10/options.h (struct opt): Remove field no_sig_create_check. + * g10/sign.c (do_sign): Always check unless it is RSA and we are using + Libgcrypt 1.7. + + common: Assume an utf-8 locale on iconv errors. + + commit 99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952 + * common/utf8conv.c (handle_iconv_error): Use utf-8 as fallback. + + common: Fix regression in building argpase.c standalone. + + commit bc23e69b70191f887dcb937007833d0187af181f + * common/argparse.c (is_native_utf8) [GNUPG_MAJOR_VERSION]: New. + +2015-08-31 Neal H. Walfield <neal@g10code.com> + + g10: Don't leak memory if we fail to initialize a new database handle. + + commit 04a6b903d0354be2c69c7f2c98987de17d68416e + * g10/keydb.c (keydb_new): If we fail to open a keyring or keybox + correctly release all resources. + + g10: Improve interface documentation of the keydb API. + + commit 360b699e9b4b8f99bd790b3cd158cd6f0fd7c131 + * g10/keydb.c: Improve code comments and documentation of internal + interfaces. Improve documentation of public APIs and move that to... + * g10/keydb.h: ... this file. + + g10: Don't cache search results if the search didn't scan the whole DB. 
+ + commit efd1ead9e779eb3bd37384258e08ad921a934612 + * g10/keydb.c (struct keydb_handle): Add new field is_reset. + (keydb_new): Initialize hd->is_reset to 1. + (keydb_locate_writable): Set hd->is_reset to 1. + (keydb_search): Set hd->is_reset to 0. Don't cache a key not found if + the search started from the beginning of the database. + + g10: Have keydb_search_first call keydb_search_reset before searching. + + commit 11d8ffc939a4d20cfb0082b2d966b1e1a7d61f8d + * g10/keydb.c (keydb_search_first): Reset the handle before starting + the search. + + g10: Remove unused parameter. + + commit 0377db4b3581561b1ffc5bb7c3b4d698e8993b3a + * g10/keydb.h (keydb_locate_writable): Remove unused parameter + reserved. Update users. + +2015-08-31 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix SSH public key for EdDSA. + + commit 135b1e32f01beaceba8a4ecc774e23b56aca1d24 + * agent/command-ssh.c (ssh_key_to_blob): Remove the prefix 0x40. + +2015-08-26 Neal H. Walfield <neal@g10code.com> + + g10: Simplify cache. Only include data that is actually used. + + commit fad91071cadff43d77ce2e524dfb03999ba6678e + * g10/keydb.c (struct kid_list_s): Rename from this... + (struct kid_not_found_cache_bucket): ... to this. Update users. + Remove field state. + (kid_list_t): Remove type. + (KID_NOT_FOUND_CACHE_BUCKETS): Define. Use this instead of a literal. + (kid_found_table): Rename from this... + (kid_not_found_cache_bucket): ... to this. Update users. + (kid_found_table_count): Rename from this... + (kid_not_found_cache_count): ... to this. Update users. + (kid_not_found_p): Only return whether a key with the specified key id + is definitely not in the database. + (kid_not_found_insert): Remove parameter found. Update callers. + (keydb_search): Only insert a key id in the not found cache if it is + not found. Rename local variable once_found to already_in_cache. + +2015-08-25 Werner Koch <wk@gnupg.org> + + Add configure option --enable-build-timestamp. 
+ + commit 9d07f6930aaa40dce92104e8c99241713d92eed2 + * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default. + + gpg: Emit ERROR status for key signing failures. + + commit 51b9b8fba4ee326013c2cc911c70cde4c5f81fc7 + * g10/keyedit.c (sign_uids): Write an ERROR status for a signing + failure. + (menu_adduid, menu_addrevoker, menu_revsig): Ditto. + (menu_revuid, menu_revkey, menu_revsubkey): Ditto. + + gpg: Print a new FAILURE status after most commands. + + commit 9cdff09743c473a12359bfdb914578ede0e4e3e2 + * common/status.h (STATUS_FAILURE): New. + * g10/cpr.c (write_status_failure): New. + * g10/gpg.c (main): Call write_status_failure for all commands which + print an error message here. + * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't + set the pinentry mode. + +2015-08-24 Neal H. Walfield <neal@g10code.com> + + agent: Raise the maximum password length. Don't hard code it. + + commit 348a6ebb63523305ce9f47d0f3e8a9086c338fed + * agent/agent.h (MAX_PASSPHRASE_LEN): Define. + * agent/command-ssh.c (ssh_identity_register): Use it instead of a + hard-coded literal. + * agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise. + * agent/findkey.c (unprotect): Likewise. + * agent/genkey.c (agent_ask_new_passphrase): Likewise. + +2015-08-24 Werner Koch <wk@gnupg.org> + + sm: Support secret key export via the Assuan interface. + + commit 3cf02192a890d04f8f558cb72d46f9bd7a378322 + * sm/server.c (cmd_export): Add options --secret, --raw, and --pkcs12. + +2015-08-23 Werner Koch <wk@gnupg.org> + + dirmngr: Allow sending of Zack's key. + + commit 84f4c8811fc5bdd78693c4dc289389a8337cc257 + * dirmngr/server.c (MAX_KEYBLOCK_LENGTH): Increase to 1 MiB. + + gpg: Fix regression in packet parser from Aug 19. + + commit 88317ae8c829bfeb1689415efbd32b7a232d7bd0 + * g10/parse-packet.c (parse): Use an int to compare to -1. Use + buf32_to_ulong. + + gpg: Show not found keys with --locate-key --verbose. 
+ + commit 00def10d365a88ce2d034ea9a5d6be4b03285fa4 + * g10/keylist.c (locate_one): Print a diagnostic for a not-found key. + +2015-08-21 Neal H. Walfield <neal@g10code.com> + + common: Don't incorrectly reject 4 GB - 1 sized packets. + + commit 09f2a7bca624d0492e1d7ab29ce19542249c13ff + * g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets. + Add the constraint that the type must be 63. + * kbx/keybox-openpgp.c (next_packet): Likewise. + * tests/openpgp/4gb-packet.asc: New file. + * tests/openpgp/4gb-packet.test: New file. + * tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test. + (TEST_FILES): Add 4gb-packet.asc. + + common: Don't assume on-disk layout matches in-memory layout. + + commit 4f37820334fadd8c5036ea6c42f3dc242665c4a9 + * g10/packet.h (PKT_signature): Change revkey's type from a struct + revocation_key ** to a struct revocation_key *. Update users. + + common: Don't incorrectly copy packets with partial lengths. + + commit b3226cadf9bbef4a367072396e5b0abf37afff2d + * g10/parse-packet.c (parse): We don't handle copying packets with a + partial body length to an output stream. If this occurs, log an error + and abort. + + common: Check parameters more rigorously. + + commit 0143d5c1ca4d12ac252c14f01931f48131591065 + * g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not + NULL. + (copy_all_packets): Likewise. + + common: Don't continuing processing on error. + + commit 48e792cc951a9d00fad0691ef7411c9e22cf675a + * g10/parse-packet.c (dbg_parse_packet): Also return if parse returns + an error. + (parse_packet): Likewise. + (dbg_search_packet): Likewise. + (search_packet): Likewise. + + common: Better respect the packet's length when reading it. + + commit 73af66a0aada8f30d8f400fdc4f69e233fb53089 + * g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't + underflow. Be more careful that a read doesn't read more data than + PKTLEN says is available. 
+ +2015-08-20 Werner Koch <wk@gnupg.org> + + po: Add lost translation of validity strings. + + commit 0d5a4138f27187e7828ef8216758edc9b48b2c64 + * po/POTFILES.in (trust.c): Add missing file. + * po/de.po: Changed German validity strings. + * doc/help.de.txt: Ditto. + +2015-08-20 Neal H. Walfield <neal@g10code.com> + + g10/parse-packet.c:parse: Try harder to not ignore an EOF. + + commit 0add91ae1ca3718e8140af09294c595f47c958d3 + * g10/parse-packet.c (parse): Be more robust: make sure to process any + EOF. + + g10/parse-packet.c: Replace literal with symbolic expression. + + commit 24a72dffa75a04611c98343140c4eb0fbfe2a59f + * g10/parse-packet.c (dump_hex_line): Use sizeof rather than the + buffer's size. + + Add documentation for g10/parse-packet.c. + + commit 026feff4a8e3090fb152af72c73aaa80c78e4551 + * g10/packet.h: Add documentation for functions defined in + parse-packet.c. + * g10/parse-packet.c: Improve comments for many functions. + + g10/packet.h: Remove unused argument from enum_sig_subpkt. + + commit c46e8bfe9a1ae3f1e5327d0451cffd6e4567b449 + * g10/packet.h (enum_sig_subpkt): Remove argument RET_N. Update + callers. + * g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N. + + g10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions. + + commit c271feb53664dbf2b4ccbae90a31b8e726481e2d + * g10/parse-packet.c (mpi_read): Improve documentation. Correctly + handle an EOF. On overflow, correctly return the number of bytes read + from the pipeline. + + common/iobuf.c: Make control flow more obvious. + + commit 49f922286fa8adb2d2ca730eb7bbe67e684b20de + * common/iobuf.c (iobuf_read): Make control flow more obvious. + (iobuf_get_filelength): Likewise. + (iobuf_get_fd): Likewise. + (iobuf_seek): Likewise. + + common/iobuf.c: Add some sanity checks to catch programmer bugs. + + commit c5da750cf3d53277fe6d86776bfe0d2304b05151 + * common/iobuf.c (iobuf_alloc): Check that BUFSIZE is not 0. + (iobuf_readbyte): Check that A is an input filter. 
Check that the + amount of read data is at most the amount of buffered data. + (iobuf_read): Check that A is an input filter. + (iobuf_writebyte): Check that A is not an input filter. + (iobuf_writestr): Check that A is not an input filter. + (iobuf_flush_temp): Check that A is not an input filter. + + common/iobuf.c:iobuf_write_temp: Elide redundant code. + + commit e291b631c3b1aedf529078190cd51e2acfcd1d92 + * common/iobuf.c (iobuf_write_temp): Don't repeat iobuf_flush_temp. + Use it directly. + + common/iobuf.c: Have iobuf_writestr use iobuf_write, not iobuf_writebyte + + commit a6d4bca3b576c3c5dba1aa6e8c1039089e14147b + * common/iobuf.c (iobuf_write): Don't write a byte at a time. Use + iobuf_write. + + common/iobuf: Improve documentation and code comments. + + commit 1bfd1e43246c16e20f819bf5381ca21abde54458 + common/iobuf.h: Improve documentation and code comments. + common/iobuf.c: Likewise. + + common/iobuf.c: Adjust buffer size of filters in front of temp filters. + + commit 0d40c4e83f6fbfea2f494f1f88412d3132ff98bd + * common/iobuf.c (iobuf_push_filter2): If the head filter is a temp + filter, use IOBUF_BUFFER_SIZE for the new filter. + + common/iobuf.c: Buffered data should not be processed by new filters. + + commit 827cc922d84d8113d4f13ebbed1314e03da5f7d2 + * common/iobuf.c (iobuf_push_filter2): If the pipeline is an output or + temp pipeline, the new filter shouldn't assume ownership of the old + head's internal buffer: the data was written before the filter was + added. + * common/t-iobuf.c (double_filter): New function. + (main): Add test cases for the above bug. + + common/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer. + + commit 616181f3c757160af8539869a6d929faca4962c4 + * common/iobuf.c (iobuf_temp_to_buffer): Flush each filter in the + pipeline and copy the data from the last (not the first) filter's + internal buffer. + + common/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw. 
+ + commit 15ae99f887f4694de8468625d455d487d283f719 + * common/iobuf.c (do_open): New function, which is a generalization of + iobuf_open, iobuf_Create, iobuf_openrw. + (iobuf_open): Call do_open. + (iobuf_create): Likewise. + (iobuf_openrw): Likewise. + + common/iobuf.h: Remove iobuf_open_fd_or_name. + + commit 8402815d8e0e04a44362968f88b3d484d2395402 + * common/iobuf.h (iobuf_open_fd_or_name): Remove prototype. Replace + use with either iobuf_open or iobuf_fdopen_nc, as appropriate. + * common/iobuf.c (iobuf_open): Remove function. + + common/iobuf.c: Rename iobuf_flush and make it a static function. + + commit 6d49a2b6691f2dd0d8ac34a15f18cc2a0c3ba5d3 + * common/iobuf.h (iobuf_flush): Remove prototype. + * common/iobuf.c (filter_flush): New static prototype. + (iobuf_flush): Rename... + (filter_flush): ... to this. Make static. Simplify code. Update + callers. + + common/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails + + commit 1f94646a86348128f585301fcd605e5e703fd77d + * common/iobuf.c (iobuf_cancel): Don't abort freeing a pipeline if + freeing a filter fails. This needs to a memory leak. Instead, keep + freeing and return the error code of the first filter that fails. + + common/iobuf.c: Improve iobuf_peek. + + commit a250f73783c06d7789ac65a395d9247f4ab44c26 + * common/iobuf.c (underflow): Take additional parameter + clear_pending_eof. If not set, don't clear a pending eof when + returning EOF. Update callers. + (iobuf_peek): Fill the internal buffer, if needed, to be able to + better satisfy any request. + + common/iobuf.c: When requested, fill the buffer even if it is not empty. + + commit c7ad36eb0d7f872fc15e793aa1d0b6b89bc471d6 + * common/iobuf.c (underflow): Don't require that the buffer be empty. + When called, fill any available space. + + common/t-iobuf.c: Add a test case for multiple EOFs. + + commit e76c75d8726558dc9084710253f0f6780e06fad3 + common/t-iobuf.c (main): Add a test case for multiple EOFs in an INPUT + pipeline. 
+ + common/iobuf.c: Better respect boundary conditions in iobuf_read_line. + + commit 4e32c602f5c40cca5f8f40e642ccb10d3f8c5614 + * common/iobuf.c (iobuf_read_line): Be more careful with boundary + conditions. + * common/iobuf.h: Include <gpg-error.h>. + * common/t-iobuf.c: New file. + * common/Makefile.am (module_tests): Add t-iobuf. + (t_mbox_util_LDADD): New variable. + + common/iobuf.c: Fix filter type for iobuf_temp_with_content. + + commit fa9fda23c2c8cf6982b7263f6882ed8687d98c16 + * common/iobuf.c (iobuf_temp_with_content): Set the filter type to + IOBUF_INPUT, not IOBUF_TEMP, which is only for output filters that + write into a dynamic buffer. + + common/iobuf.h: Remove unimplemented prototypes. + + commit 75fd86bbd175e085a93c1ad62f50ae936494b307 + * common/iobuf.h (iobuf_unread): Remove unimplemented prototype. + (iobuf_clear_eof): Likewise. + (iobuf_append): Likewise. + + common/iobuf.c: Refactor code to not need the desc field. + + commit 679acc671e621847f50d6b4dca10a22c62500b9a + * common/iobuf.h (struct iobuf_struct): Remove field desc. + * common/iobuf.c (iobuf_desc): New function. When a filter's + description is needed, use this instead of the filter's desc field. + + common/iobuf.h: Clarify semantics of nofast. Simplify implementation. + + commit 12fc56bcb51d984a6e86fc1eb7952f9976c67043 + * common/iobuf.h (struct iobuf_struct): Clarify semantics of nofast. + Simplify use of nofast to implement just these semantics. + + common/iobuf.c: Remove dead code (directfp). + + commit e8c0b6abf88309c23a70df0abbd38d42fa22a786 + * common/iobuf.h (struct iobuf_struct): Remove field directfp. Remove + all uses of it. + + common/iobuf.c: Remove dead code (opaque). + + commit f05d60b3813a97e316a067680d7598b74621a522 + * common/iobuf.h (struct iobuf_struct): Remove field opaque. Remove + all uses of it. + + common/iobuf.h: Replace further use of literals with symbolic constants. 
+ + commit c06eabac8e85f7f79414363836f093415e8da62e + * common/iobuf.c: Move BLOCK_FILTER_INPUT, + BLOCK_FILTER_OUTPUT_BLOCK_FILTER_TEMP from here... + * common/iobuf.h: ... to here and rename to IOBUF_INPUT, IOBUF_OUTPUT + and IOBUF_TEMP, respectively. Where appropriate, use these macros + instead of a literal. + +2015-08-17 Werner Koch <wk@gnupg.org> + + gpg: Avoid linking to Libksba. + + commit 91357b7722f2bf0d3765ec72855bdc96732df9d6 + * kbx/keybox.h (KEYBOX_WITH_X509): Do not define. + * sm/Makefile.am (AM_CPPFLAGS): Define it here. + (common_libs): Change to libkeybox509.a + * g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS. + (gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS + * kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a. + (libkeybox509_a_SOURCES): New. + (libkeybox_a_CFLAGS): New. + (libkeybox509_a_CFLAGS): New. + (kbxutil_CFLAGS): New. + * kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args + as unused. + +2015-08-16 Ben Kibbey <bjk@luxsci.net> + + Fix pinentry loopback and passphrase contraints. + + commit bba74cdd95ea98b5a7c3a12823b229341e91504e + * agent/command.c (cmd_get_passphrase): Don't repeat passphrase for + pinentry loopback mode. + * agent/genkey.c (check_passphrase_constraints): Immediately return when + pinentry mode is loopback. + + Fix sending INQUIRE_MAXLEN for symmetric data. + + commit 93f5295df512269dd8fecbd649b11cbacf78e864 + * g10/passphrase.c (passphrase_to_dek_ext): Write the status message. + +2015-08-15 Ben Kibbey <bjk@luxsci.net> + + Inform a user about inquire length limit. + + commit f126ca61565922b3b938c3486614b9bd7e6e454c + * common/status.h (INQUIRE_MAXLEN): New. + * g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN. + client when inquiring a passphrase over pinentry-loopback. + + Allow --gen-key to inquire a passphrase. + + commit 233b5fedabd80a34452e748132e65b5944310428 + * g10/gpg.c (main): test for --command-fd during --gen-key parse. 
+ + When --command-fd is set then imply --batch to let gpg inquire a + passphrase rather than requiring a pinentry. + +2015-08-11 Werner Koch <wk@gnupg.org> + + Release 2.1.7. + + commit b5e081973b56b21214fc0c65ba9015dd026328b4 + + +2015-08-10 NIIBE Yutaka <gniibe@fsij.org> + + agent: fix ECC key handling. + + commit 8704c70108218a60f8fb2ee0e558ca8ed125600d + * agent/cvt-openpgp.c (get_keygrip, convert_secret_key) + (convert_transfer_key): CURVE is the name of curve. + +2015-08-08 Neal H. Walfield <neal@g10code.com> + + common/iobuf.c: Replace use of literals with symbolic constants. + + commit c80643c5ecbee89f343ef087313870cee1334fe4 + * common/iobuf.c (BLOCK_FILTER_INPUT): Define. Where appropriate, use + this instead of a literal. + (BLOCK_FILTER_OUTPUT): Likewise. + (BLOCK_FILTER_TEMP): Likewise. + +2015-08-07 Werner Koch <wk@gnupg.org> + + gpg: Allow gpgv to work with a trustedkeys.kbx file. + + commit 5b7a80b1ab91d2f199065e5dd14e85f42918975d + * g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New. + * g10/keydb.c (keydb_add_resource): Take care of new flag. + * g10/gpgv.c (main): Use new flag. + + agent: Add option --force to the DELETE_KEY command. + + commit a68c5c5c7fe4ec8665e252e5062292f6c7b94fdd + * agent/findkey.c (agent_delete_key): Add arg "force". + * agent/command.c (cmd_delete_key): Add option --force. + + common: Change alias for Curve25519 to "cv25519". + + commit 9f31ab3d216ed74d6f392a62e3f95e0591174119 + * common/openpgp-oid.c (oidtable): Change alias. + +2015-08-06 Werner Koch <wk@gnupg.org> + + gpg: Remove duplicated printing of the curve name in "sub" lines. + + commit fb754dc6170d12edf3d35c48340b8d7b1ded20f7 + * g10/keylist.c (list_keyblock_print): Do not print extra curve name. + + gpg: Add commands "fpr *" and "grip" to --edit-key. + + commit fbb6c25ab5dbb5f2b1f1eb342ca7caa3f955d8c9 + * g10/keyedit.c (cmdGRIP): New. + (cmds): Add command "grip". + (keyedit_menu) <cmdFPR>: Print subkeys with argument "*". 
+ (keyedit_menu) <cmdGRIP>: Print keygrip. + (show_key_and_fingerprint): Add arg "with_subkeys". + (show_key_and_grip): New. + * g10/keylist.c (print_fingerprint): Add mode 4. + + gpg: Adjust UID line indentation for common key algos. + + commit 969542c8c2f48a60c1d68b7bf70b0c00374bacba + * g10/keylist.c (list_keyblock_print): Change UID line indentation + * g10/mainproc.c (list_node): Ditto. + +2015-08-06 NIIBE Yutaka <gniibe@fsij.org> + + Curve25519 support. + + commit e5891a82c39997b65ce9ff90eb6120db7bedd399 + * agent/cvt-openpgp.c (get_keygrip): Handle Curve25519. + (convert_secret_key, convert_transfer_key): Ditto. + * common/openpgp-oid.c (oidtable): Add Curve25519. + (oid_crv25519, openpgp_oid_is_crv25519): New. + * common/util.h (openpgp_oid_is_crv25519): New. + * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case + with Montgomery curve which uses x-only coordinate. + * g10/keygen.c (gen_ecc): Handle Curve25519. + (ask_curve): Change the API and second arg is to return subkey algo. + (generate_keypair, generate_subkeypair): Follow chage of ask_curve. + * g10/keyid.c (keygrip_from_pk): Handle Curve25519. + * g10/pkglue.c (pk_encrypt): Handle Curve25519. + * g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve. + * scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New. + (send_key_attr): Work with general ECC, Ed25519, and Curve25519. + (get_public_key): Likewise. + (ecc_writekey): Handle flag_djb_tweak. + + common: extend API of openpgp_oid_to_curve for canonical name. + + commit a6e40530898622fbc5d76557a7da5e69368ecaa4 + * common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument. + * common/util.h: Update. + * g10/import.c (transfer_secret_keys): Follow the change. + * g10/keyid.c (pubkey_string): Likewise. + * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise. + * parse-packet.c (parse_key): Likewise. + * scd/app-openpgp.c (send_key_attr, get_public_key): Likewise. 
+ +2015-08-05 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix ecc_oid. + + commit d088d2c81690a89051349ddc8a82fe222625f4e0 + * scd/app-openpgp.c (ecc_oid): Call with OIDBUF. + + scd: Fix ECC support. + + commit 0751571cac0f5aef2862c34a184f7f09ad9cb203 + * scd/app-openpgp.c (send_key_attr): Send KEYNO. + (get_public_key): Fix SEXP composing. + (ecc_writekey): Fix OID length calculation. + (ecc_oid): Prepend the length before query. + (parse_algorithm_attribute): Handle the case the curve is not available. + +2015-08-04 Werner Koch <wk@gnupg.org> + + gpg: Fix duplicate key import due to legacy key in keyring. + + commit 4a326d7c9a3b09efcccf4de00d6c003829ad89e8 + * g10/keydb.c (keydb_search_fpr): Skip legacy keys. + + gpg: Properly handle legacy keys while looking for a secret key. + + commit f05a63b10428df2878b1bb6fde57a2fc2aa99105 + * g10/getkey.c (have_secret_key_with_kid): Skip legacy keys. + +2015-07-31 Werner Koch <wk@gnupg.org> + + gpg: Fix endless loop for expired keys given by fpr. + + commit 328a6b6459a5ce4a70b374262f221ada20c40878 + * g10/getkey.c (lookup): Disable keydb caching when continuing a + search. + +2015-07-29 Werner Koch <wk@gnupg.org> + + gpg: Do not return "Legacy Key" from lookup if a key is expired. + + commit 23d8609f4b5ec3432323a676fd7ef225c0ef71a1 + * g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY. + + gpg: Indicate secret keys and cards in a key-edit listing. + + commit 8b2b988309cbc5af339beb0a55ff71d7464eb646 + * g10/keyedit.c (sign_uids): Add arg "ctrl". + (show_key_with_all_names_colon): Ditto. + (show_key_with_all_names): Ditto. + + * g10/keyedit.c (show_key_with_all_names): Print key record + indicators by checking with gpg-agent. + (show_key_with_all_names): Ditto. May now also print sec/sbb. + +2015-07-28 Werner Koch <wk@gnupg.org> + + gpg: Remove the edit-key toggle command. + + commit 7ef09afd1a6a37c7f22e7c3d898f0c917b08f940 + * g10/keyedit.c (cmds): Remove helptext from "toggle". 
+ (keyedit_menu): Remove "toggle" var and remove the sub/pub check + against toggle. + + common,w32: Avoid unused var warning about msgcache. + + commit 4bc75337f31374b7424d7bdebf839dd91ec80c0a + * common/i18n.c (USE_MSGCACHE): New. + (msgcache) [!USE_MSGCACHE]: Do not define. + (i18n_localegettext): Repalce #if conditions by USE_MSGCACHE. + + w32: Try more places to find an installed Pinentry. + + commit 18f1e627c697d75175b79fe095305fa775f20841 + * common/homedir.c (get_default_pinentry_name): Re-implement to + support several choices for Windows. + +2015-07-26 Werner Koch <wk@gnupg.org> + + scd: Fix size_t/unsigned int mismatch. + + commit 55e64f47a52d76e097a01eb4044a88a4e10d6a87 + * scd/app-openpgp.c (ecc_writekey): Use extra var n. + + Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros. + + commit d382242fb6789973ce8d246ec154a4a1468c24c0 + * common/util.h: Provide replacement for GPGRT_ATTR_ macros when using + libgpg-error < 1.20. + * common/mischelp.h: Ditto. + * common/types.h: Ditto. + +2015-07-25 NIIBE Yutaka <gniibe@fsij.org> + + scd: support any curves defined by libgcrypt. + + commit ef080d5c7fb7f3b75c3c57c011f78a312b8e13a9 + * g10/call-agent.h (struct agent_card_info_s): Add curve field. + * g10/call-agent.c (learn_status_cb): Use curve name. + * g10/card-util.c (card_status): Show pubkey name. + * scd/app-openpgp.c (struct app_local_s): Record OID and flags. + (store_fpr): Use ALGO instead of key type. + (send_key_attr): Use curve name instead of OID. + (get_public_key): Clean up by OID to curve name. + (ecc_writekey): Support any curves in libgcrypt. + (do_genkey, do_auth, ): Follow the change. + (ecc_oid): New. + (parse_algorithm_attribute): Show OID here. + +2015-07-23 Peter Wu <peter@lekensteyn.nl> + + build: ignore scissor line for the commit-msg hook. + + commit d24165bce2823c2f5dcb39b7b84c9aa00802a8ee + * build-aux/git-hooks/commit-msg: Stop processing more lines when the + scissor line is encountered. 
+ +2015-07-23 NIIBE Yutaka <gniibe@fsij.org> + + scd: Format change to specify "rsa2048" for KEY-ATTR. + + commit dbf4534f49a1fe3823bd6d6d7bb4d9df863b4789 + * g10/card-util.c (do_change_keysize): Put "rsa". + * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string): + Change the command format. + (rsa_writekey): Check key type. + (do_writekey): Remove "ecdh" and "ecdsa" support which was available + in experimental libgcrypt before 1.6.0. + +2015-07-22 Werner Koch <wk@gnupg.org> + + Avoid a leading double slash in make_filename. + + commit 69d2c9b09bd9d0b86b9f2feb585037a2c11795b0 + * common/stringhelp.c (do_make_filename): Special case leading '/'. + +2015-07-21 NIIBE Yutaka <gniibe@fsij.org> + + scd: change_keyattr_from_string for ECC. + + commit 9901be395684dd1b35d83685a719291347684ab1 + * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string): + Support ECC. + (rsa_writekey): Don't change key attribute. + +2015-07-17 NIIBE Yutaka <gniibe@fsij.org> + + scd: Use openpgpdefs.h for constants. + + commit f5d356fb5bbbd0e05a753612455253e4bc335266 + * scd/app-openpgp.c: Include openpgpdefs.h. + +2015-07-16 Neal H. Walfield <neal@g10code.com> + + Don't segfault if the first 'auto-key-locate' option is 'clear'. + + commit f2ee673c99825d5189631031ddec2dbf54dbd482 + * g10/getkey.c (free_akl): If AKL is NULL, just return. + +2015-07-10 NIIBE Yutaka <gniibe@fsij.org> + + agent: Support non-NLS build. + + commit b3286af36d452fc801be573a057b0838d53a2edd + * agent/agent.h: Use ENABLE_NLS and define L_() macro. + +2015-07-09 NIIBE Yutaka <gniibe@fsij.org> + + scd: Remove unused files. + + commit 67b2dc7636e47baefd5aafe0eb45b4730f974481 + * scd/Makefile.am (sc_copykeys_*): Remove. + * scd/sc-copykeys.c: Remove. + * scd/pcsc-wrapper.c: Remove. + * scd/{card-common.h,card-dinsig.c,card-p15.c,card.c}: Remove. + +2015-07-08 NIIBE Yutaka <gniibe@fsij.org> + + g10: Use canonical name for curve. 
+ + commit 5b46726931049e060d8fbfa879db7907078a9aed + * g10/import.c (transfer_secret_keys): Use canonical name. + * common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error. + * g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid. + * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto. + * g10/parse-packet.c (parse_key): Ditto. + +2015-07-03 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + drop long-deprecated gpgsm-gencert.sh. + + commit 1be2cebf7ff5837c8b548b4f4afbf1b8b28211bc + * tools/gpgsm-gencert.sh: remove deprecated script entirely. It is + fully replaced by gpgsm --gen-key + * doc/tools.texi: remove gpgsm-gencert.sh documentation + * .gitignore: no longer ignore gpgsm-gencert.sh manpage + * doc/Makefile.am: quit making the manpage + * tools/Makefile.am: quit distributing the script + * doc/howto-create-a-server-cert.texi: overhaul documentation to use + gpgsm --gen-key and tweak explanations + +2015-07-02 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit 3502b3cc0f5ff92ab89a0da8b1e344a8ad615737 + + + scd: Support AES decryption for OpenPGPcard v3.0. + + commit 45c49a0030c7a01ec011ce810ddb3aaef734e9bf + * scd/app-openpgp.c (do_decipher): Support AES decryption. + +2015-07-01 Werner Koch <wk@gnupg.org> + + Release 2.1.6. + + commit a499eeb6a6545d87ac9f1b64e32017bfdb4f67e6 + + +2015-07-01 Daiki Ueno <ueno@gnu.org> + + agent: Unset INSIDE_EMACS on gpg-agent startup. + + commit f1490a3a0ecf4a5a03373c9563f7709630232ee3 + * agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar. + +2015-07-01 Werner Koch <wk@gnupg.org> + + common: Implement i18n_localegettext. + + commit a65447f0d64d0c53ddbdcfc988f26ecc9a8a6f08 + * common/i18n.c (msg_cache_s, msg_cache_head_s): New. + (msgcache): New. + (i18n_localegettext): Implement locale dependent lookup. + +2015-06-30 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + Pass DBUS_SESSION_BUS_ADDRESS for gnome3. 
+ + commit 816824953c91959c23a57c047bdba6a902ffdde6 + * common/session-env.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS. + +2015-06-30 Werner Koch <wk@gnupg.org> + + Flag the L_() function with attribute format_arg. + + commit 232af382e563fcbe15589a3ccae7d6908a17c44d + * agent/agent.h (LunderscorePROTO): New. + * common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. + * common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for + i18n_localegettext. Expand LunderscorePROTO. + * agent/genkey.c (check_passphrase_constraints): Use xtryasprintf + again to keep the old translations. + + agent: Use different translation func for Pinentry strings. + + commit e76d4c05b24211f3981ab69cddb3fccc17d21e0e + * po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_". + * common/i18n.c (i18n_localegettext): New stub. + * common/i18n.h: Expand the LunderscoreIMPL macro. + * agent/agent.h (L_): New. + (LunderscoreIMPL): New. + * agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change + caller. + * agent/findkey.c (try_unprotect_cb): Add local var ctrl. + * agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf + by xtrystrdup to avoid gcc warning. Unfortinately this changes the + string. + (agent_ask_new_passphrase): Cleanup the use of initial_errtext. + + gpg: Make show-sig-subpackets work again. + + commit 010e4281c3e15e2f86589dd1da419531ead519ef + * g10/gpg.c (parse_list_options): Fix offset for subpackets. + +2015-06-29 Werner Koch <wk@gnupg.org> + + agent: Prepare for Libassuan with Cygwin support. + + commit b6076579311029aa76c00377d9a804b1578bf58f + * agent/gpg-agent.c (create_server_socket): Add arg "cygwin". Call + assuan_sock_set_flag if Assuan version is recent enough. + (main): Create ssh server socket with Cygwin flag set. + +2015-06-29 Neal H. Walfield <neal@gnu.org> + + Show passphrase constraints errors as password prompt errors. 
+ + commit 2778c6f8f40d73272075ce04c07097f65c94054e + * agent/agent.h (check_passphrase_constraints): Add parameter + failed_constraint and remove parameter silent. Update callers. + * agent/genkey.c (check_passphrase_constraints): Add parameter + failed_constraint and remove parameter silent. If FAILED_CONSTRAINT + is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the + error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway + or take_this_one_anyway2. If FAILED_CONSTRAINT is NULL, act as if + SILENT was set. + (agent_ask_new_passphrase): Change initial_errtext's type from a const + char * to a char *. Pass it to check_passphrase_constraints. If it + contains malloc's memory, free it. + +2015-06-29 Neal H. Walfield <neal@g10code.com> + + Improve documentation for default-cache-ttl and default-cache-ttl-ssh. + + commit 0416aed4abf6cea94458d2e38eb4a5e6bfea2d8b + * doc/gpg-agent.texi (Agent Options): Improve documentation for + default-cache-ttl and default-cache-ttl-ssh. + + Don't raise max-cache-ttl to default-cache-ttl. + + commit 60cf69ff9d61a2cd37fc4468f232fd41aa70a651 + * agent/gpg-agent.c (finalize_rereadable_options): Don't raise + max-cache-ttl to default-cache-ttl. Likewise for max-cache-ttl-ssh + and default-cache-ttl-ssh. + + Improve the description of old packets with an indeterminate length. + + commit 68c217f457a772984d0afbdd341f18de7c867505 + * g10/parse-packet.c (parse): Make the description more accurate when + listing packets: old format packets don't support partial lengths, + only indeterminate lengths (RFC 4880, Section 4.2). + +2015-06-29 Werner Koch <wk@gnupg.org> + + agent: Add --verify to the PASSWD command. + + commit 9bca96dbc5c32bdd00196462fde8c9ab94aeb28d + * agent/command.c (cmd_passwd): Add option --verify. + + agent,w32: Do not create a useless socket with --enable-putty-support. + + commit 7a387331645736eaeaaef57770beef5fa741bc22 + * agent/agent.h (opt): Remove field ssh_support. 
+ * agent/gpg-agent.c (ssh_support): New. Replace all opt.ssh_support + by this. + (main): Do not set ssh_support along with setting putty_support. + + gpgsm: Add command option "offline". + + commit 2c9c46e2a2b8f9a1bdc1ef46a135b5fc7d1a8073 + * sm/server.c (option_handler): Add "offline". + (cmd_getinfo): Ditto. + * sm/certchain.c (is_cert_still_valid): + (do_validate_chain): + * sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value + of --disable-dirmngr. + * sm/call-dirmngr.c (start_dirmngr_ext): Better also check for + ctrl->offline. + +2015-06-26 NIIBE Yutaka <gniibe@fsij.org> + + scd: Support button flag and AES key data for OpenPGPcard v3.0. + + commit d2fdf2e1b6cd447bb1c36df0ac7d8e669802fa22 + * scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp): + Support button and symmetric decryption. + (do_setattr): Support setting AESKEY. + +2015-06-25 Andre Heinecke <aheinecke@intevation.de> + + sm: Fix cert storage for ephemeral certs. + + commit 5e1a844ae9b6730b4b8a2c9178ea9bc121560c28 + * sm/keydb.c (keydb_store_cert): Clear ephemeral flag for + existing certs if store should not be ephemeral. + +2015-06-23 Werner Koch <wk@gnupg.org> + + Allow use of debug flag names for all tools. + + commit 54a0ed3d9b10a3c6dfb3d6a4d20b693a3183f8f6 + * g13/g13.c: Make use of debug_parse_flag. + * scd/scdaemon.c: Ditto. + * sm/gpgsm.c: Ditto + * agent/gpg-agent.c: Ditto. But do not terminate on "help" + * dirmngr/dirmngr.c: Ditto. + + common: Improve fucntion parse_debug_flag. + + commit 8195e55d0c134a45f7c9bd95c8b5741781841c18 + * common/miscellaneous.c (parse_debug_flag): Add hack not to call + exit. Add "none" and "all" flags. + +2015-06-23 NIIBE Yutaka <gniibe@fsij.org> + + scd: pinpad workaround for PC/SC implementations. + + commit 5e1d2fe6555d06f9dcd2daac713b2edfbc0428a5 + * scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer + for TPDU card reader. + +2015-06-22 Werner Koch <wk@gnupg.org> + + gpg: Allow debug flag names for --debug. 
+ + commit 4698e5b203bd983503b5fd784fcd09dd3bc3a15e + * g10/gpg.c (opts): Change arg for oDebug to a string. + (debug_flags): New; factored out from set_debug. + (set_debug): Remove "--debug-level help". Use parse_debug_flag to + print the used flags. + (main): Use parse_debug_flag for oDebug. + + common: Add function parse_debug_flag. + + commit 22147952b744958ec46d356e942540356ff7d93e + * common/miscellaneous.c (parse_debug_flag): New. + * common/util.h (struct debug_flags_s): New. + + common: Add function strtokenize. + + commit d37f47081d41584efc0c397432811f9cfa5d5867 + * common/stringhelp.c: Include assert.h. + (strtokenize): New. + * common/t-stringhelp.c (test_strtokenize): New. + + gpg: Fix regression due to recent commit 6500f33. + + commit e0873a3372800d51c90ca656450f937dbae9c169 + * g10/keydb.c (kid_list_s): Keep a state in the table. + (kid_not_found_table): Rename to kid_found_table. + (n_kid_not_found_table): Rename to kid_found_table_count. + (kid_not_found_p): Return found state. + (kid_not_found_insert): Add arg found. + (keydb_search): Store found state in the table. + +2015-06-22 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix Cherry ST-2000 support for pinpad input. + + commit 444e9232aa9e00aacd939cbf7bdb881b550dfebe + * scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15. + * scd/ccid-driver.c (ccid_transceive_secure): Add zero for the + template of APDU. + +2015-06-20 Werner Koch <wk@gnupg.org> + + gpg: Print number of good signatures with --check-sigs. + + commit 0948c4f217308ffa0ec61ce189d387fd61b02bbd + * g10/keylist.c (keylist_context): Add field good_sigs. + (list_keyblock_print): Updated good_sigs. + (print_signature_stats): Print number of good signatures and use + log_info instead of tty_printf. + + gpg: Improve speed of --check-sigs and --lish-sigs. + + commit 6500f338a35f4148606480c79f3a0c1b0d15f13a + * g10/keydb.c (kid_list_t): New. + (kid_not_found_table, n_kid_not_found_table): New. 
+ (kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New. + (keydb_insert_keyblock): Flush the new cache. + (keydb_delete_keyblock): Ditto. + (keydb_update_keyblock): Ditto. + (keydb_search): Use the new cache. + (keydb_dump_stats): New. + * g10/gpg.c (g10_exit): Dump keydb stats. + +2015-06-19 Werner Koch <wk@gnupg.org> + + gpg: Add more log_clock calls to keydb.c. + + commit 53e9b86085ac70ede8a0b1de9018ccbfe55b0932 + * g10/keydb.c (keydb_get_keyblock): Add log_clock calls. + + gpg: Print available debug flags using "--debug-level help". + + commit 663a31f1ea2fc5a43c822e916cf20fece5243851 + * g10/gpg.c (set_debug): Add "help" option and use a table for the + flags. + + gpg: Fix export problem in case an old keyring has PGP-2 keys. + + commit c5604eeee4b64a44a1ca1d517ace14fc1cbda298 + * g10/export.c (do_export_stream): Skip legacy keys. + +2015-06-18 Werner Koch <wk@gnupg.org> + + dirmngr: Fix the cleanup zombies fix (685b782). + + commit c97198371b7307e64afdd323231977b2247f64ec + * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the + stdout reader after EOF from read_log_data. + * dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before + the next iteration. + +2015-06-17 Werner Koch <wk@gnupg.org> + + agent: Print a warning for obsolete options. + + commit 010d26a85bfe15c4aa12eefeab851dbde0609c26 + * g10/misc.c (obsolete_scdaemon_option): Move to + * common/miscellaneous.c (obsolete_option): ... here. + * agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete + options. + +2015-06-16 Werner Koch <wk@gnupg.org> + + dirmngr: Cleanup zombies and fix hang on shutdown. + + commit 685b782a18adb90bbf78956682e4e7f89fed678c + * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation + into the loop. Check the queue also on timeout. Close log_fd and + reader context on EOF or error. + + dirmngr: Avoid accessing uninitialized memory in log callback. 
+ + commit 82c72e2db7bc5b633768d59822f2e2a353fa6e32 + * dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before + use. + (start_connection_thread): Ditto. + (handle_connections): Ditto. + +2015-06-16 Neal H. Walfield <neal@g10code.com> + + Don't prompt for the password multiple times in pinentry loopback mode. + + commit eac081ba1278855fa223b031b527498fec558bc7 + * g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK, + clear OPT.PASSPHRASE_REPEAT. + +2015-06-16 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese Translation. + + commit 15540f6233bd041b06708862a6d9535cbcabe330 + + +2015-06-15 Werner Koch <wk@gnupg.org> + + doc: Add defs.inc to BUILT_SOURCES. + + commit ef273a9afc7840b75cfb9b8af78d117b7d672c6a + + +2015-06-11 Werner Koch <wk@gnupg.org> + + Release 2.1.5. + + commit 9b7bdfae82f74a147a5dbf0fac0f78cde77a207b + + + agent: Fix --extra-socket on Windows. + + commit 985918aab025cf0ac9db411b88a47c4b985e5e95 + * agent/gpg-agent.c (start_connection_thread): Rename to ... + (do_start_connection_thread): this. Factor nonce checking out to ... + (start_connection_thread_std): this, + (start_connection_thread_extra): this, + (start_connection_thread_browser): and this. + + agent: Add experimental option --browser-socket. + + commit 008435b95cbca19adc217178dc9d793eca584345 + * agent/agent.h (opt): Add field "browser_socket". + * agent/command.c (cmd_setkeydesc): Use a different message for + restricted==2. + * agent/gpg-agent.c (oBrowserSocket): New. + (opts): Add --browser-socket. + (socket_name_browser, redir_socket_name_browser): New. + (socket_nonce_browser): New. + (cleanup): Cleanup browser socket. + (main): Implement option. + (start_connection_thread_browser): New. + (handle_connections): Add arg listen_fd_browser and use it. + +2015-06-10 Daiki Ueno <ueno@gnu.org> + + agent: Add option --allow-emacs-pinentry. + + commit 691dae270b3b741178912599724d69adabdb48b9 + * agent/agent.h (opt): Add field allow_emacs_pinentry. 
+ * agent/call-pinentry.c (start_pinentry): Act upon new var. + * agent/gpg-agent.c (oAllowEmacsPinentry): New. + (opts): Add option --allow-emacs-pinentry. + (parse_rereadable_options): Set this option. + * tools/gpgconf-comp.c (gc_options_gpg_agent): Add new option. + +2015-06-09 Werner Koch <wk@gnupg.org> + + doc: Do not used fixed file names in the manuals. + + commit 25331bba5554a39d226d32433add7784b2e170b8 + * doc/mkdefsinc.c: New. + * doc/Makefile.am: Include cmacros.am. + (EXTRA_DIST): Add mkdefsinc.c defsincdate. + (BUILT_SOURCES): Add defsincdate + (CLEANFILES): Add mkdefsinc and defs.inc. + (mkdefsinc): New rule. + (yat2m-stamp): Depend on defs.inc. + ($(myman_pages) gnupg.7): Ditto. + (gnupg.texi): Remove rule to touch itself. + (dist-hook): New. + (defsincdate): New. + (defs.inc): New. + * doc/gnupg.texi: Remove inclusion of version.texi. Include defs.inc. + Also include defs.inc in all files used to build man files. Change + fixed directory names to those from defs.inc. + + dirmngr: Avoid crash due to an empty crls.d/DIR.txt. + + commit 255dadd76d5a2101d2c5450741326b67253fa9ea + * dirmngr/crlcache.c (check_dir_version): Avoid segv. + +2015-06-08 Werner Koch <wk@gnupg.org> + + doc: Change the manual source to be only for GnuPG 2.1. + + commit abbefdd04d7ee30218506caeae1fd858569c9f0a + + + Convey envvar INSIDE_EMACS to the pinentry. + + commit c672572bd50966187cc823585efed673b66ff942 + * common/session-env.c (stdenvnames): Add it. + + agent: Add command "getinfo std_env_names". + + commit 8425db6a26bf66dad16dfbc26be9af7d272f31d3 + * agent/command.c (cmd_getinfo): Add new sub-command. + +2015-06-05 NIIBE Yutaka <gniibe@fsij.org> + + scd: do_decipher change for OpenPGPcard v3.0. + + commit cf508a1f7f4c8926dc554be68a2d46f5ce272ac0 + * scd/app-openpgp.c (do_decipher): Add a header for ECDH. + +2015-06-04 Werner Koch <wk@gnupg.org> + + gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c. 
+ + commit a4a15195c2a3729025a3ba3439ac8860083fceeb + * g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND. + * g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND. + * g10/trustdb.c (read_trust_record): Ditto. + (tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto. + (tdb_update_ownertrust, update_min_ownertrust): Ditto. + (tdb_clear_ownertrusts, update_validity): Ditto. + (tdb_cache_disabled_value): Ditto. + + gpg: Cleanup error code path in case of a bad trustdb. + + commit f170240ef735edc481f60e51527cbb5ee1acfd55 + * g10/tdbio.c (tdbio_read_record): Fix returning of the error. + + gpg: Fix output in case of a corrupted trustdb. + + commit bf06d04f53296f4b4b73b9360cf1571559bb2295 + * g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass + es_stdout. + * g10/tdbio.c (upd_hashtable): On a corrupted trustdb call + list_trustdb only in verbose > 1 mode and let it dump to stderr. + +2015-05-29 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix key template of ECC. + + commit e5c69e87beebe99d362ac721ce4ea6b057a30a99 + * scd/app-openpgp.c (build_ecc_privkey_template): Use correct value. + +2015-05-28 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix a race condition initially creating trustdb. + + commit fe5c6edaed78839303d67e01e141cfc6b5de9aec + * g10/tdbio.c (take_write_lock, release_write_lock): New. + (put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use + new lock functions. + (tdbio_set_dbname): Fix the race. + (open_db): Don't call dotlock_create. + +2015-05-27 NIIBE Yutaka <gniibe@fsij.org> + + g10: Remove g10/signal.c. + + commit 6cb18a8f975b7ff7ca79c1fb0cddcd4b66be90fb + * g10/signal.c: Remove. + * g10/main.h: Remove old function API. + * g10/tdbio.c: Use new API, even in the dead code. + +2015-05-20 Werner Koch <wk@gnupg.org> + + agent: Cleanup caching code for command GET_PASSPHRASE. + + commit 23d2ef83cda644c6a83499f9327350d3371e8a17 + * agent/command.c (cmd_get_passphrase): Read from the user cache. + +2015-05-19 Neal H. 
Walfield <neal@g10code.com> + + agent: When the password cache is cleared, also clear the ext. cache. + + commit 3a9305439b75ccd4446378d4fd87da087fd9c892 + * agent/agent.h (agent_clear_passphrase): New declaration. + * agent/call-pinentry.c (agent_clear_passphrase): New function. + * agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase. + + agent: Modify agent_clear_passphrase to support an ext. password cache. + + commit e201c20f25e7bed29088186c5f717d43047a0f4b + * agent/agent.h (agent_get_passphrase): Add arguments keyinfo and + cache_mode. Update callers. + * agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo + and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key, + then send SETKEYINFO to the pinentry. + +2015-05-19 NIIBE Yutaka <gniibe@fsij.org> + + g10: detects public key encryption packet error properly. + + commit c771963140cad7c1c25349bcde27e427effc0058 + g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for + encryption. + +2015-05-15 Werner Koch <wk@gnupg.org> + + build: Make --disable-gpgsm work. + + commit 43ea8f5d884dd108bb27d8e1610fa28802295a06 + * Makefile.am: Always build kbx/ + * g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS. + +2015-05-12 Werner Koch <wk@gnupg.org> + + Release 2.1.4. + + commit a67ead6525d7597a9e0b152c5971f6290f7912f3 + + + speedo: Add make option SELFCHECK=0 to build a new release. + + commit 21b0701e2e044894c53ff59d22c5c6a172780c25 + * build-aux/getswdb.sh: Add option --skip-selfcheck. + * build-aux/speedo.mk: Add option SELFCHECK. + +2015-05-11 Werner Koch <wk@gnupg.org> + + common: Cope with AIX problem on number of open files. + + commit 987532b038a2d9b9e76c0de425ee036ca2bffa1b + * common/exechelp-posix.c: Limit returned value for too hight values. + + gpg-connect-agent: Fix quoting of internal percent+ function. + + commit 26e2eb98d3d8405b335b43c8e86deacf622cd957 + * tools/gpg-connect-agent.c (get_var_ext) <percent, percent+): Also + escape '+'. 
+ + agent: Add option --no-allow-external-cache. + + commit d7293cb317acc40cc9e5189cef33fe9d8b47e62a + * agent/agent.h (opt): Add field allow_external_cache. + * agent/call-pinentry.c (start_pinentry): Act upon new var. + * agent/gpg-agent.c (oNoAllowExternalCache): New. + (opts): Add option --no-allow-external-cache. + (parse_rereadable_options): Set this option. + + agent: Add strings for use by future Pinentry versions. + + commit 02d5e1205489aa5027a87a64552eaf15984dc22d + * agent/call-pinentry.c (start_pinentry): Add more strings. + + agent: Add option --debug-pinentry. + + commit 14232c3870c5ef5d2fa15e8ed3f302b1ba29d25c + * agent/gpg-agent.c (oDebugPinentry): New. + (opts): Add --debug-pinentry. + (parse_rereadable_options): Set that option. + * agent/call-pinentry.c (start_pinentry): Pass option to + assuan_set_flag. + +2015-05-08 Werner Koch <wk@gnupg.org> + + gpg: Avoid cluttering stdout with trustdb info in verbose mode. + + commit b03a2647299a6c8764a2574590cbaccdff9e497d + * g10/trustdb.c (validate_keys): Call dump_key_array only in debug + mode. + + gpg: Fix wrong output in list mode. + + commit 7039f87375b3c89d6e63837b811ed2be71c8d9db + * g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to + LISTFP. + + gpg: New command --quick-adduid. + + commit 64e809b791645f343feb69112baba8e2700e454b + * g10/keygen.c (ask_user_id): Factor some code out to ... + (uid_already_in_keyblock): new. + (generate_user_id): Add arg UIDSTR. Fix leaked P. + * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. + (keyedit_quick_adduid): New. + * g10/gpg.c (aQuickAddUid): New. + (opts): Add command --quick-adduid. + (main): Implement that. + + gpg: Add push/pop found state feature to keydb. + + commit 3c439c0447f8a7468a61bbdc4c9a101ef2451dcb + * g10/keydb.c (keydb_handle): Add field saved_found. + (keydb_new): Init new field. + (keydb_push_found_state, keydb_pop_found_state): New. + * g10/keyring.c (kyring_handle): Add field saved_found. 
+ (keyring_push_found_state, keyring_pop_found_state): New. + + gpg: Minor code merging in keyedit. + + commit b772e459fa91cdc7facd95227ebc0faba20a7003 + * g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order. + (fix_keyblock): New. Call fix_key_signature_order and other fix + functions. + (keyedit_menu): Factor code out to new fix_keyblock. + (keyedit_quick_sign): Ditto. Check for primary fpr before calling + fix_keyblock. + +2015-05-07 Werner Koch <wk@gnupg.org> + + agent: Minor change for 56b5c9f. + + commit 436f2060721e997479a9dd5be8dfc73627dd49c9 + * agent/call-pinentry.c (agent_askpin): Move option setting to ... + (start_pinentry): here. Fix error code check. + +2015-05-07 Kristian Fiskerstrand <kf@sumptuouscapital.com> + + dirmngr: Fix segfault in ldap engine. + + commit d0d4984cfec54dee727b9e9d33d09e33c6f2e182 + (ks-engine-ldap.c) Fix segfault caused by missing check whether uri is + initialized + +2015-05-07 Neal H. Walfield <neal@g10code.com> + + agent: Improve support for externally cached passwords. + + commit 56b5c9f94f2e55d096be585ed061ccf1c9ec0de6 + * agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New + constant. + (pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was + provided. + (agent_askpin): Pass "OPTION allow-external-password-cache" to the + pinentry. Always pass SETKEYINFO to the pinentry. If there is no + stable identifier, then use "--clear". If the password is incorrect + and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS, + then decrement PININFO->FAILED_TRIES. + + agent: Or in the value; don't overwrite the variable. + + commit 74944330ba7229ed0cbe23cc0f573962a444bd07 + * agent/call-pinentry.c (pinentry_status_cb): Or in + PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG. + + agent: Avoid magic numbers. Use more accurate names. + + commit d3b5cad2346bd5747789dc62d7804fa5c15f4f3b + * agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant. 
+ (PINENTRY_STATUS_PIN_REPEATED): Likewise. + (close_button_status_cb): Rename from this... + (pinentry_status_cb): ... to this. Use the constants. + (agent_askpin): Rename local variable from close_button to + pinentry_status. Use symbolic constants rather than magic numbers. + +2015-05-07 Werner Koch <wk@gnupg.org> + + gpg: Improve 'General key info' line of --card-status. + + commit 874ef16e70ab750db7b153f17a7e859a0db6a2f1 + * g10/keylist.c (print_pubkey_info): Print either "pub" or "sub". + + * g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK. + * g10/keyid.c (keyid_from_fingerprint): Adjust for change. + * g10/revoke.c (gen_desig_revoke): Adjust for change. + * g10/card-util.c (card_status): Simplify by using new arg. Align + card-no string. + + * g10/card-util.c (card_status): Remove not used GnuPG-1 code. + + gpg: Fix regression not displaying the card serial number. + + commit 173b26c8f83a3c623165a96c315bf9ed4b90edcc + * g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO. + +2015-05-06 Werner Koch <wk@gnupg.org> + + speedo,w32: Install a native pinentry. + + commit 154abaf3c97dae43ba972e4482680a287f3e5c39 + * build-aux/speedo.mk: Always build pinentry for w32. + (speedo_pkg_pinentry_configure): Adjust to modern pinentry. + * build-aux/speedo/w32/inst.nsi: Install native pinentry under the + name pinentry-basic.exe. + +2015-05-01 NIIBE Yutaka <gniibe@fsij.org> + + g10: fix cmp_public_key. + + commit f77fd572db658959fa40aa8c181be919e688b707 + * g10/free-packet.c (cmp_public_keys): Compare opaque + data at the first entry of the array when it's unknown algo. + +2015-04-30 NIIBE Yutaka <gniibe@fsij.org> + + scd: PC/SC reader selection by partial string match. + + commit 01a2a61bc4b34817c4216888265f65d59a33dad3 + * scd/apdu.c (open_pcsc_reader_direct): Partial string match. + +2015-04-24 Werner Koch <wk@gnupg.org> + + common: Remove JNLIB from boiler plate (jnlib merge). 
+ + commit 172b6193488f433a206fd88f85d8c4a5d1eb7fdf + * common/README.jnlib: Remove. + + common: Rename log and gcc attribute macros (jnlib merge). + + commit 26d7e0d7accf269c15fb4bc23e5e80580bfb7fe3 + * common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*. + * common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*. + + common: Remove two JNLIB_ macros (jnlib merge). + + commit 575230d91bba95697518da418ea0e8712f889a0f + * configure.ac: Merge seperate jnlib checks. + (HAVE_JNLIB_LOGGING): Remove. + * common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL): + Rename to GNUPG_COMMON_NEED_AFLOCAL. Change all tests. + + common: Remove libjnlib-config.h (jnlib merge). + + commit 17bcd087082d01c48c60ff20d7f9a40f34c6969f + * common/libjnlib-config.h: Remove. + * common/common-defs.h (getenv) [HAVE_GETENV]: New. From removed + header. + (getpid) [HAVE_W32CE_SYSTEM]: New. From removed header. + * common/argparse.c: Include util.h and common-defs.h. Replace + jnlib_ macro names for non-GNUPG builds by x* names. + * common/dotlock.c: Ditto. + * common/logging.c: Include util.h and common-defs.h. Replace jnlib_ + symbol names by x* names. + * common/strlist.c: Ditto. + * common/utf8conv.c: Ditto. + * common/w32-reg.c: Ditto. + * common/mischelp.c: Ditto. Also remove _jnlib_free. + * common/stringhelp.c: Ditto. + (JNLIB_LOG_WITH_PREFIX): Do not depend on this macro. + * common/logging.h (JNLIB_LOG_WITH_PREFIX): Do not depend on this + macro. + +2015-04-23 Werner Koch <wk@gnupg.org> + + gpg: Move all DNS access to Dirmngr. + + commit 154f3ed2bf64de801ae0f9796338a2767ec6357b + * common/dns-cert.h: Move to ../dirmngr/. + * common/dns-cert.c: Move to ../dirmngr/. Change args to return the + key as a buffer. + * common/t-dns-cert.c: Move to ../dirmngr/. + * common/pka.c, common/pka.h, common/t-pka.c: Remove. + + * dirmngr/server.c (data_line_cookie_write): Factor code out to + data_line_write and make it a wrapper for that. + (data_line_write): New. + (cmd_dns_cert): New. 
+ (register_commands): Register new command. + + * g10/Makefile.am (LDADD): Remove DNSLIBS. + * g10/call-dirmngr.c (dns_cert_parm_s): New. + (dns_cert_data_cb, dns_cert_status_cb): New. + (gpg_dirmngr_dns_cert): New. + (gpg_dirmngr_get_pka): New. + * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function. + * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by + gpg_dirmngr_dns_cert. + (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka. + * g10/mainproc.c: Include call-dirmngr.h. + (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by + gpg_dirmngr_get_pka. + + common: Minor change of hex2str to allow for embedded nul. + + commit ce11cc39ea7e011040debc9339a2310a714efe7e + * common/convert.c (hex2str): Set ERRNO. Return adjusted COUNT. + +2015-04-23 NIIBE Yutaka <gniibe@fsij.org> + + common: removal of t-support.c from t_jnlib_src. + + commit a7264e3a6a83189a9e43edf5e99f5ac7ee42a2ab + * common/Makefile.am (t_jnlib_src): Remove t-support.c. + +2015-04-21 Werner Koch <wk@gnupg.org> + + gpg: Make keyserver-option http_proxy work. + + commit c4d98734c5df39f57a71f0ec1c0c80e82ff08508 + * g10/options.h (opt): Add field keyserver_options.http_proxy. + * g10/keyserver.c (warn_kshelper_option): Add arg noisy. + (parse_keyserver_options): Parse into new http_proxy field. + * g10/call-dirmngr.c (create_context): Send the http-proxy option. + + common: Make proper use of http proxy parameter. + + commit 54e55149f2af96eff08bfd6f70ef13d007fb58c7 + * common/http.c (is_hostname_port): New. + (send_request): Fix proxy name parsing. + + dirmngr: Add http proxy support for keyservers. + + commit a0dead5edce07838cf5ff3ec7205a3bff2a6ef70 + * dirmngr/dirmngr.h (server_control_s): Add field http_proxy. + * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value + from OPT. + (dirmngr_deinit_default_ctrl): New. + (main): Call dirmngr_deinit_default_ctrl. + * dirmngr/server.c (start_command_handler): Ditto. 
+ (option_handler): Add option "http-proxy". + * dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL. + * dirmngr/ocsp.c (do_ocsp_request): Ditto. + * dirmngr/ks-engine-hkp.c (send_request): Add proxy support. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + + gpg: Do not use honor-keyserver-url sub-option by default. + + commit 727fe4f8d7d5fc3eac0b0aa6fafa4a314686d7dc + + + gpg: Make preferred keyservers work. + + commit ae0d65f86413a82a40cf68e08aaeca405eee8c78 + * g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done. + (create_context): Move keyserver setting to ... + (open_context): here. + (clear_context_flags): New. + (gpg_dirmngr_ks_get): Add arg override_keyserver. + * g10/keyserver.c (keyserver_refresh): Improve diagnostics. + (keyserver_get_chunk): Ditto. Pass OVERRIDE_KEYSERVER to ks_get. + + gpg: Update sub-options of --keyserver-options. + + commit da1990bac71f6447d8ebd169c3b3b186e9f287d9 + * g10/options.h (KEYSERVER_HTTP_PROXY): New. + (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove. + (KEYSERVER_TIMEOUT): New. + * common/keyserver.h (KEYSERVER_TIMEOUT): Remove. + * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files" + and "keep-temp-files". Add "http-proxy" and "timeout". + (parse_keyserver_options): Remove 1.2 compatibility option + "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files" + code. + +2015-04-14 Werner Koch <wk@gnupg.org> + + agent: Send the new SETKEYINFO command to the Pinentry. + + commit 2180845959839705200e3172dbafc94b70b9007f + * agent/call-pinentry.c (agent_askpin): Add args keyinfo and + cache_mode. Change all callers to pass (NULL,0) for them. Send + SETKEYINFO command. + * agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for + the new args. + +2015-04-14 NIIBE Yutaka <gniibe@fsij.org> + + scd: better handling of extended APDU. + + commit 971d558e862db878a7310e06ed7116dbe36886ab + * scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0. 
+ * scd/app-common.h (struct app_ctx_s): Use bit fields for flags. + * scd/ccid-driver.c (CCID_MAX_BUF): New. Only for OpenPGPcard. + (struct ccid_driver_s): New field of max_ccid_msglen. + Remove ifsd field. + (parse_ccid_descriptor): Initialize max_ccid_msglen. + (ccid_transceive_apdu_level): Implement sending extended APDU in + chain of CCID message. + +2015-04-13 Werner Koch <wk@gnupg.org> + + gpg: Fix NULL-segv due to invalid imported data. + + commit 25fce93ba19d997e234a674d5cc98df82c5b5496 + * g10/free-packet.c (my_mpi_copy): New. + (copy_public_key, copy_signature): Use instead of mpi_copy. + +2015-04-13 Neal H. Walfield <neal@g10code.com> + + dirmngr: If LDAP is not enable, don't build the LDAP bits. + + commit 5cde5bf37339cdeb0bd0a33d39477382eafebede + * dirmngr/Makefile.am (dirmngr_SOURCES): Only include + ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP + is TRUE. + (module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE. + * dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is + TRUE. + (ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not + TRUE. + (ks_action_search): Likewise. + (ks_action_get): Likewise. + (ks_action_put): Likewise. + * dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is + TRUE. + (cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not + TRUE. + +2015-04-13 Werner Koch <wk@gnupg.org> + + common: Do without nested fucntions to support non-gcc. + + commit 454f60399c7318fffd3de2afadd58c7a490178bd + * common/t-stringhelp.c (test_strsplit): Remove nested function. + +2015-04-11 Werner Koch <wk@gnupg.org> + + Release 2.1.3. + + commit b1e1959d59a12b53c016ca9c95aee3a62c0bfc00 + + +2015-04-11 Yuri Chornoivan <yurchor@ukr.net> + + po: Update Ukrainian translation. + + commit 896f438967b66b4836419aa737c706ced6b6454a + + +2015-04-11 Ineiev <ineiev@gnu.org> + + po: Update and review Russian translation. 
+ + commit b69d7064f30c38ffe18e71de6a0fc14b5da0452f + + +2015-04-10 Werner Koch <wk@gnupg.org> + + dirmngr,w32: Make it build for Windows. + + commit c8bb5000d4c86a055348dc08352f573c599743a7 + * dirmngr/Makefile.am (t_common_ldadd): Add missing libs. + + Remove obsolete directories from AM_CPPFLAGS. + + commit 67158ff155ef52fd54a6bbe680551c0e12b31e69 + + + dirmngr,w32: Replace functions not available under Windows. + + commit 0fb224c2c5e0c6770d4a6044d62d84f6bbc1b26b + * dirmngr/ks-engine-ldap.c (extract_attributes): Replace isoptime and + gmtime_r. + + common: Add new function gnupg_gmtime. + + commit 5d60c7f7e05a06e46e23bafe61cef09ad32aa998 + * common/gettime.c (gnupg_gmtime): New. + (gnupg_get_isotime): Use it. Also take care of an gmtime_t returning + an error. + + common: Add new function isodate_human_to_tm. + + commit f6670100b7a15b2071c2e4062f5c5a678f2a30f6 + * common/gettime.c (isotime_human_p): Add arg date_only. + (isodate_human_to_tm): New. + * common/t-gettime.c (test_isodate_human_to_tm): New. + (main): Call new test. + + dirmngr,w32: Avoid name clash with existing function. + + commit 6ad95fe6f1f130c8f6d139a9bd57fc4a0d38292b + * dirmngr/ks-engine-ldap.c (ldap_connect): Rename to my_ldap_connect. + + gpgparsemail: Fix last commit (3f2bdac) + + commit 9433661419043431a6cfc7d84c8450e0b2f6c353 + * tools/rfc822parse.c (parse_field): Replace break by goto. + +2015-04-09 Werner Koch <wk@gnupg.org> + + gpgparsemail: Fix case of zero length continuation lines. + + commit 3fbeba64a8bfb2b673230c124a3d616b6568fd2f + * tools/rfc822parse.c (parse_field): Loop after continuation line. + +2015-04-08 Werner Koch <wk@gnupg.org> + + sm: Fix certificate lookup in dirmngr cache. + + commit 6619ead2cfd2abcb95b66dc70622fdeef624fb8a + * sm/call-dirmngr.c (get_cached_cert): Fix typo in LOOKUP command. + +2015-04-06 Werner Koch <wk@gnupg.org> + + gpg: Print the user id in --fast-list-mode. 
+ + commit c2383407bba5eefea486464a31e02846124c9da5 + * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Change. + + gpg: Prepare to pass additional context to the list functions. + + commit 67a58118ab6171c0cf28b65a39973062690d1313 + * g10/keylist.c (struct sig_stats): Rename to keylist_context and add + field check_sigs. + (keylist_context_release): New. + (list_all): Set listctx.check_sigs and call release func. + (list_one): Ditto. + (locate_one): Ditto. + (list_keyblock_print): Use .check_sigs field. Repalce arg opaque by + listctx. + (list_keyblock): Ditto. Make static. + (list_keyblock_direct): New. + * g10/keygen.c (do_generate_keypair): Replace list_keyblock by + list_keyblock_direct. + + gpg: Merge duplicated code for get_user_id et al. + + commit f577d5c1a747d673fa1d5c012ce3e3b78b699c6a + * g10/getkey.c (get_user_id_string): Add args mode and r_LEN. + (get_user_id_string_native): Add new args. + (get_long_user_id_string, get_user_id): Rewrite using + get_user_id_string. + + gpg: Add new option --debug-iolbf. + + commit c581ed717ad2cc4be90c46253baa44a0d3ba5b80 + * g10/gpg.c (oDebugIOLBF): new. + (opts): Add --debug-iolbf. + (main): Set option. + + Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG. + + commit 24a75201da6be72edf85b96dbc0c01c747d02c6a + * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE. + + Fix use of DBG_CACHE and DBG_LOOKUP. + + commit 2f099eb62ac6491675bbcccaca4e076b2d8e7ea0 + * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192. + * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New. + * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places. + + gpg: Rename a debug macro. + + commit 4de8a58e44262a25564e2acef8c8865d1755982e + * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE. + (DBG_CIPHER): Rename to DBG_CRYPTO. + +2015-04-05 Werner Koch <wk@gnupg.org> + + gpg: Fix DoS while parsing mangled secret key packets. 
+ + commit d901efcebaefaf6eae4a9b9aa8f0c2c055d3518a + * g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read + et al. + +2015-04-03 NIIBE Yutaka <gniibe@fsij.org> + + g10: Fix keytocard. + + commit f82c4a6d0d76e716b6a7b22ca964fa2da1f962a0 + g10/call-agent.h (agent_scd_learn): Add FORCE option. + g10/call-agent.c (agent_scd_learn): Implement FORCE option. + g10/keygen.c (gen_card_key): Follow the change of option. + g10/card-util.c (change_pin, card_status, factory_reset): Likewise. + g10/keyedit.c (keyedit_menu): Update private key storage by + agent_scd_learn. + + agent: Add --force option for LEARN. + + commit 4ffadb74b3ada8a5d69ef8d87f4326df9bd97e97 + * agent/command.c (cmd_learn): Handle --force option. + (cmd_keytocard): Don't update key storage file. + * agent/agent.h (agent_handle_learn): Add FORCE. + * agent/learncard.c (agent_handle_learn): Implement FORCE to update + key stroage file. + +2015-03-31 Neal H. Walfield <neal@g10code.com> + + dirmngr: Don't use alloca. + + commit d0ff2ee04187fbedacbe4d3884ee75d957a0b8c6 + * dirmngr/ks-engine-ldap.c (ks_ldap_put): Replace use of alloca with + xmalloc and xfree. + + dirmngr: Simplify truncation of long strings in debug code. + + commit 802eec0ca49b92104c92f18c9a6a04c34de74168 + * dirmngr/ks-engine-ldap.c (modlist_dump): Simplify truncation of long + strings. + + dirmngr: Use a better error code. + + commit 7f6d7948c1e56e09c1bdaa5143e1b5558c4376dd + * dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return + GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL. + + dirmngr: Better encapsulate the keyservers variable. + + commit 348c520040a31f5c322183c0654a34978e2baf6f + * dirmngr/dirmngr.h (struct server_control_s): Move field keyservers + from here... + * dirmngr/server.c (struct server_local_s): ... to here. Update + users. + * dirmngr/ks-action.h (ks_action_resolve): Add argument keyservers. + (ks_action_search): Likewise. + (ks_action_get): Likewise. + (ks_action_put): Likewise. 
+ * dirmngr/ks-action.c (ks_action_resolve): Add argument keyservers. + Use it instead of ctrl->keyservers. + (ks_action_search): Likewise. + (ks_action_get): Likewise. + (ks_action_put): Likewise. + +2015-03-28 Neal H. Walfield <neal@g10code.de> + + gpg: Only use the last specified keyserver. + + commit f26ba14028d34845ae10aae552b90681907e377d + * g10/gpg.c (main): Only use the last specified keyserver. + +2015-03-25 Werner Koch <wk@gnupg.org> + + dirmngr: Fix resource leaks and check rare errors. + + commit bec10ae4b5a870303c800cdf3cd906044613fc2d + * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource + leak. + (ks_ldap_search): Check error from es_fopenmem. Use LDAP_ERR where + required. + (modlist_dump): Check error from es_fopenmem. + (uncescape): s/int/size_t/. Use existing macros. + (extract_attributes): Use existing trim function. + (ks_ldap_put): Do not segv on error from modlist_dump. + + dirmngr: Minor cleanups. + + commit 6c701af121782c2feb4ee51e559a7420df00471f + * dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h. + (ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/. + (tm2ldaptime): Use snprintf. + (ldap_connect): Get error code prior to log_error and and use modern + function. Use xfree, xtrustrdup etc. + (modlist_lookup): Use GNUPG_GCC_A_USED. + (modlist_free): Use xfree. + + common: Add macro GNUPG_GCC_A_USED. + + commit 99ef9cd7f589b51921bfbe8d52735c104ef260e3 + * common/util.h (GNUPG_GCC_A_USED): New. + + sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption). + + commit 1e4d8ddbe3ad7ee8f1c1d1798694d91f792776c0 + * sm/certreqgen.c (create_request): Change default hash algo. + * sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change default bulk cipher algo. + +2015-03-24 Werner Koch <wk@gnupg.org> + + gpg,w32: Handle forward slash in --keyring option. + + commit bdd22e3a0846d38a0b6cdb822476ad2f15d03455 + * g10/keydb.c (keydb_add_resource): Allow forward slash under Windows. + +2015-03-23 Neal H. 
Walfield <neal@g10code.de> + + Improve documentation for ks_hkp_get. + + commit 7a56b6b3aa8b7a07bd80a3fcd5114bd1af359fa3 + * dirmngr/ks-engine-hkp.c (ks_hkp_get): Improvement documentation. + + Improve documenation of http_parse_uri. + + commit 00a16cf49336ee0b4ce21eb05a79db955af053e0 + * common/http.c (http_parse_uri): Improve documentation. + + Add support to talking to LDAP key servers. + + commit 51341badb623927f2a358588c725a356fc77dbe7 + * g10/call-dirmngr.c (record_output): New function. + (ks_put_inq_cb): Use it here to generate a --with-colons like output + instead of a custom format. + * dirmngr/ks-action.c: Include "ldap-parse-uri.h". + (ks_action_help): If the provided URI is an LDAP URI, then use + ldap_parse_uri to parse. Call ks_ldap_help. + (ks_action_search): If passed an LDAP URI, then call ks_ldap_search. + (ks_action_get): Likewise. + (ks_action_put): Likewise. Also, change data from a 'const void *' to + a 'void *' and add info and infolen parameters. Add note that + function may modify DATA. + * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly. + * dirmngr/server.c: Include "ldap-parse-uri.h". + (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using + ldap_parse_uri. + (hlp_ks_put): Improve documentation. + (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve + documentation. + * dirmngr/ks-engine.h (ks_ldap_help): New declaration. + (ks_ldap_search): Likewise. + (ks_ldap_get): Likewise. + (ks_ldap_put): Likewise. + * dirmngr/ks-engine-ldap.c: New file. + * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c, + ldap-parse-uri.c and ldap-parse-uri.h. + (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs). + + Import _gpgme_parse_timestamp from gpgme as parse_timestamp. + + commit 81e83060856f02f6cfc7b48f8032e0cf14fc6c68 + * common/gettime.h (parse_timestamp): New declaration. + * common/gettime.c (_win32_timegm): New function imported from + gpgme/src/conversion.c:_gpgme_timegm. 
+ (parse_timestamp): New function imported from + gpgme/src/conversion.c:_gpgme_parse_timestamp. + + Move copy_stream function to misc.c. + + commit 9e79a15f74c428624b0049a3f6a077c1bc7c731d + * dirmngr/ks-action.c (copy_stream): Move function from here... + * dirmngr/misc.c (copy_stream): ... to here and drop the static + qualifier. + * dirmngr/misc.h (copy_stream): Add declaration. + + Move armor_data to misc.c. + + commit 63552852bf191985b4b55aa524bc397c5b1d1515 + * dirmngr/ks-engine-hkp.c (armor_data): Move function from here... + * dirmngr/misc.c (armor_data): ... to here and drop static qualifier. + * dirmngr/misc.h: New declaration. + + Add new LDAP utility functions. + + commit 1a75b7c39f0a84f518711438565645a34fb2673f + * dirmngr/Makefile.am (module_tests): New variable. + (noinst_PROGRAMS): New primary. Set it to $(module_tests). + (TESTS): New variable. Set it to $(module_tests). + (t_common_src): New variable. + (t_common_ldadd): Likewise. + (t_ldap_parse_uri_SOURCES): New primary. + (t_ldap_parse_uri_LDADD): Likewise. + * dirmngr/ldap-parse-uri.c: New file. + * dirmngr/ldap-parse-uri.h: Likewise. + * dirmngr/t-ldap-parse-uri.c: Likewise. + * dirmngr/t-support.h: Likewise. + + Add new function uri_query_lookup. + + commit e23b3ba5ffd3134a72da176a039e4d6c4f3ff595 + * common/http.h (uri_query_lookup): New declaration. + * common/http.c (uri_query_lookup): The corresponding implementation. + + Add new function strlist_find. + + commit 79907ad256f5b84f36cbebdc92e5a05d9e266557 + * common/strlist.h (strlist_find): New declaration. + * common/strlist.c (strlist_find): New function. + + common: Add new helper function, strsplit. + + commit b18ffcb81a3839dbf09603d70ebb8b80f65892d3 + * common/stringhelp.h (strsplit): New declaration. + * common/stringhelp.c (strsplit): New function. + * common/t-stringhelp.c (test_strsplit): New function. + (main): Call it here. + +2015-03-20 Werner Koch <wk@gnupg.org> + + gpg: Consider a mailbox only userid in mail search mode. 
+ + commit bebab54027d8c63574a2680c60481cfe9b88c240 + * kbx/keybox-search.c: Include mbox-util.h. + (blob_cmp_mail): Improve OpenPGP uid parsing. + + common: Add function is_valid_mailbox_mem. + + commit a0eb2e4e8cef9ca6a5dfbae6440fa6cd583d0805 + * common/mbox-util.c (mem_count_chr): New. + (my_memstr): New. + (has_invalid_email_chars): Change args to work on a buffer. + (is_valid_mailbox_mem): New. + (is_valid_mailbox): Rewrite to use is_valid_mailbox_mem. + + gpg: Find keys using mail addresses with garbage after the '>' + + commit 783a4a98378fa1aa222d5cb7427dd37151feb08b + * kbx/keybox-search.c (blob_cmp_mail): Stop comparing at the '>'. + + common: Fix syntax error when building with gnutls. + + commit 5136e39c6466de90697153ea253c4b540c1f7d1a + * common/http.c (send_request): Add missing comma. + +2015-03-19 Werner Koch <wk@gnupg.org> + + gpg: Emit status line NEWSIG before signature verification starts. + + commit e7ddaad0fd2c8774a1d3367adfaa68014eaf65de + * g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG. + + agent: Compute correct MPI length header for protected ECC keys. + + commit cf83ff01fce3ddcbde6d97dffa0db6f277588e25 + * agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from + opaque MPIs to comply with the OpenPGP spec. + + hkps: Fix host name verification when using pools. + + commit dc10d466bff53821f23d2cb4814c259d40c5d9c5 + * common/http.c (send_request): Set the requested for SNI. + * dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not + the selecting a host. + + Define replacement error codes from libgpg-error 1.19. + + commit 28bb3ab686c1c994f67a92b6846b3726c58a0bc3 + * common/util.h: Add GPG_ERR_LDAP codes for libgpg-error < 1.19. + +2015-03-17 Andre Heinecke <aheinecke@intevation.de> + + gpgtar: Fix extracting files with !(size % 512) + + commit 6cbbb0bec98e1acefc4c7163cc41a507469db920 + * tools/gpgtar-extract.c (extract_regular): Handle size multiples + of RECORDSIZE. 
+ +2015-03-17 Werner Koch <wk@gnupg.org> + + common: Add feature to ease using argparse's usage(). + + commit 9078b75a73600fc6b7b5502ceee8de032bb9c446 + * common/argparse.c (show_help): Take care of flag value + (usage): Ditto. + + common: Allow standalone build of argparse.c. + + commit eb5f2c0af6691229300ac120ee44815cb27ed38e + * common/argparse.h: Remove types.h - not required. + * common/argparse.c: Change to allow standalone use. + +2015-03-16 Werner Koch <wk@gnupg.org> + + gpg: Create all MPIs with RFC-4880 correct length headers. + + commit ab17f7b6c392782718f57eaea94fc18a0ff49389 + * g10/build-packet.c (gpg_mpi_write): Strip leading zeroes. + + gpg: Allow printing of MPI values in --list-mode. + + commit bcc8250bc5b9a357c6d1444f03e334edec573ede + * g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode. + * g10/misc.c (mpi_print): Do not print an extra leading zero. + + gpg: Fix broken write of opaque MPI length header. + + commit 8bc1debfefb7cd4b0be724317793d59dea37d677 + * g10/build-packet.c (gpg_mpi_write): Use a char array for the length. + +2015-03-15 Werner Koch <wk@gnupg.org> + + gpg: Fix possible dead code elimination. + + commit 1a9f13bc663daa75c5009f6a0bf7d7483f12cce0 + * g10/encrypt.c: Change condition for detecting a real file. + + g13: Fix pointer wrap check. + + commit 4bc3a2e954afc2ba7dbe79ba5f740184b7d4cd73 + * g13/utils.c (find_tuple, next_tuple): Cast pointer to size_t before + doing an overflow check. + + agent: Remove useless conditions in command.c. + + commit 3a35c9740ab792068ec4b3732ecfaa17bf4fc7f0 + * agent/command.c (cmd_setkeydesc): Remove NULL check. + (cmd_get_passphrase): Ditto. + (cmd_clear_passphrase): Ditto. + (cmd_get_confirmation): Ditto. + (cmd_getval): Ditto. + (cmd_putval): Ditto. + + agent: Fix length test in sshcontrol parser. + + commit 3529dd8bb5bafc4e02915648d5f409bd27a9cc37 + * agent/command-ssh.c (ssh_search_control_file): Check S before + upcasing it. + + agent: Remove useless conditions. 
+ + commit 95415bdec77a608e6052ba3e2a5d857a8e8f7689 + * agent/genkey.c (agent_ask_new_passphrase): Remove useless condition. + * agent/command-ssh.c (ssh_identity_register): Ditto. + + gpg: Remove useless condition. + + commit c59b410cf1d5676de7061e5a183c01227aa8e760 + * g10/keylist.c (list_keyblock_colon): Remove useless condition (PK). + (list_keyblock_print): Likewise. + + scd: Fix possible NULL deref in apdu.c. + + commit ef0a3abf7305133d071bf1a94a7f461082f9a9aa + * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL. + (control_pcsc_wrapped): Ditto. + + common: Make openpgp_oid_to_str more robust. + + commit 35db798c2df7f31b52a9dd9d55ea60ae1f325be9 + * common/openpgp-oid.c (openpgp_oid_to_str): Take care of + gcry_mpi_get_opaque returning NULL. Remove useless condition !BUF. + +2015-03-11 Werner Koch <wk@gnupg.org> + + agent: Improve error reporting from Pinentry. + + commit efde50f92af241d8357db83e280a6ece62f6397f + * agent/call-pinentry.c (unlock_pinentry): Add error logging. Map + error source of uncommon errors to Pinentry. + +2015-03-10 Werner Koch <wk@gnupg.org> + + gpg: Change --print-pka-records into an option. + + commit 7b5b52f3268b093eebbac3f199fb69bf246d9cd1 + * g10/gpg.c (aPrintPKARecords): Rename to oPrintPKARecords and do not + use it as a command. + * g10/keylist.c (list_keyblock): List PKA rceords also for secret + keys. + + gpg: Add --list-gcrypt-config and "curve" item for --list-config. + + commit 14af2be022ccaf826db048fc16959d0222ff1134 + * common/openpgp-oid.c (curve_supported_p): New. + (openpgp_enum_curves): New. + * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. + (main): Add option --verbose. + * g10/gpg.c (opts): Add --list-gcrypt-config. + (list_config): Add items "curve" and "curveoid". Remove unused code. + +2015-03-09 NIIBE Yutaka <gniibe@fsij.org> + + scd: fix for 64-bit arch. + + commit bb5a1b7c738d74d5b46340ec7b50000a2d343ca9 + * agent/pksign.c (agent_pksign_do): Use int. 
+ * scd/app-openpgp.c (get_public_key): Likewise. + +2015-03-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: avoid chatter about trustdb when --quiet. + + commit 82146af85b65498a69b28913593dc1ffeb6b6fed + * g10/trustdb.c (tdb_check_trustdb_stale): avoid log_info() when + opt.quiet + +2015-02-26 Werner Koch <wk@gnupg.org> + + gpg: Lowercase mailbox for PKA lookups. + + commit c071be698efadef1ad01fd3d329d1b486a372927 + * common/stringhelp.c (ascii_strlwr): New. + * common/mbox-util.c (mailbox_from_userid): Downcase result. + + gpg: Fix memory leak due to PKA lookup. + + commit 91baea2dcde6c1e5ca9e8fa7020d9ab4551d1bca + * g10/keyserver.c (keyserver_import_pka): Move the xfree. + +2015-02-25 Werner Koch <wk@gnupg.org> + + gpg: Switch to a hash and CERT record based PKA system. + + commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b + * common/dns-cert.c (get_dns_cert): Make r_key optional. + * common/pka.c: Rewrite for the new hash based lookup. + * common/t-pka.c: New. + * configure.ac: Remove option --disable-dns-pka. + (USE_DNS_PKA): Remove ac_define. + * g10/getkey.c (parse_auto_key_locate): Always include PKA. + + common: Allow requesting a specific certtype with get_dns_cert() + + commit af60152a4632ef26ca950a424429b15b6c69038d + * common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all + callers. + (CERTTYPE_): Move constants to ... + * common/dns-cert.h: here as DNS_CERTTYPE_. + + Move new mailbox.c source file to common/. + + commit 9913253610bac69e9503800e85696491e018e327 + * g10/mailbox.c: Move to ... + * common/mbox-util.c: new file. + * common/mbox-util.h: New. Include where needed. + * g10/t-mailbox.c: Move to ... + * common/t-mbox-util.c: new file. + +2015-02-24 Werner Koch <wk@gnupg.org> + + gpg: Add command --print-pka-records. + + commit e2d93402801a2cb822c723e891fd98233fdb3fd5 + * g10/gpg.c (main): Add command --print-pka-records. + * g10/options.h (struct opt): Add field "print_pka_records". 
+ * g10/keylist.c (list_keyblock_pka): New. + (list_keyblock): Call it if new option is set. + (print_fingerprint): Add mode 10. + + gpg: Add function to extract the mailbox. + + commit 93fa3d5c1760f3fee5412fb29d58fbd60db16ea9 + * g10/misc.c (has_invalid_email_chars, is_valid_mailbox) + (is_valid_user_id): Move to ... + * g10/mailbox.c: new file. + (string_has_ctrl_or_space, has_dotdot_after_at): New. + (has_invalid_email_chars): New. + + * g10/t-mailbox.c: New. + * g10/Makefile.am (module_tests): Add t-mailbox. + (t_mailbox_SOURCES, t_mailbox_LDADD): New. + +2015-02-23 Werner Koch <wk@gnupg.org> + + gpg: Add option to print fingerprints in ICAO spelling. + + commit ae09515b9d3aae653b62a32ea5b4a9b9e557fc52 + * g10/gpg.c: Add option --with-icao-spelling. + * g10/options.h (struct opt): Add with_icao_spelling. + * g10/keylist.c (print_icao_hexdigit): New. + (print_fingerprint): Print ICAO spelling. + + gpg: Skip legacy keys while searching keyrings. + + commit a8116aacd91b7e775762a62c268fab6cc3c77438 + * g10/getkey.c (search_modes_are_fingerprint): New. + (lookup): Skip over legacy keys. + + common: Fix regression due to commit 2183683b. + + commit d9f6eea6115df7959564123eb99d633ce5bba42e + * common/dns-cert.c (get_dns_cert): Remove cruft. + +2015-02-19 Werner Koch <wk@gnupg.org> + + gpg: Replace remaining uses of stdio by estream. + + commit d2a70fd8348d6c11d1960caf2afe0701833dad6a + * g10/sign.c (sign_file): Use log_printf instead of stderr. + * g10/tdbdump.c (export_ownertrust): Use estream fucntions. + (import_ownertrust): Ditto. + * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. + + gpg: Fix segv due to NULL value stored as opaque MPI. + + commit 76c8122adfed0f0f443cce7bda702ba2b39661b3 + * g10/build-packet.c (gpg_mpi_write): Check for NULL return from + gcry_mpi_get_opaque. + (gpg_mpi_write_nohdr, do_key): Ditto. + * g10/keyid.c (hash_public_key): Ditto. 
+ +2015-02-12 Werner Koch <wk@gnupg.org> + + scd: Fix regression in 2.1.2 (due to commit 2183683) + + commit 07a71da479daaac43b8c5b1034a1e66f96bdbc48 + * scd/apdu.c (pcsc_vendor_specific_init): Replace use of + bufNN_to_uint by direct code. + +2015-02-12 Andre Heinecke <aheinecke@intevation.de> + + dirmngr: Initialize cache from sysconfig dir. + + commit 070d7bf940efa60db2b0734273b9b3736d18338a + * dirmngr/certcache.c (cert_cache_init): Load certificates + from sysconfig dir instead of the homeidr. + * dirmngr/dirmngr.c (main): Removed parsing of obsolete + homedir_data option. + * dirmngr/dirmngr.h (opt): Removed homedir_data. + * doc/dirmngr.texi: Update and clarify certs directory doc. + +2015-02-11 Werner Koch <wk@gnupg.org> + + Release 2.1.2. + + commit fc17562cc4f8d531ae7f0887cf2a96dcc224b021 + + + dirmngr: Avoid warning about unused function. + + commit 8219c87c301ec669f07528e8d8108655f7b705be + * dirmngr/dirmngr.c (my_gnutls_log): Build only if gnutls is used. + + build: Update standard build-aux files. + + commit 81e93e251e52e427a29556de75640c7933bb5aad + + + Use inline functions to convert buffer data to scalars. + + commit 2183683bd633818dd031b090b5530951de76f392 + * common/host2net.h (buf16_to_ulong, buf16_to_uint): New. + (buf16_to_ushort, buf16_to_u16): New. + (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. + +2015-02-09 Werner Koch <wk@gnupg.org> + + gpg: Prevent an invalid memory read using a garbled keyring. + + commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648 + * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet + types. + * g10/keydb.c (parse_keyblock_image): Ditto. + + gpg: Fix a NULL-deref in export due to invalid packet lengths. + + commit 0835d2f44ef62eab51fce6a927908f544e01cf8f + * g10/build-packet.c (write_fake_data): Take care of a NULL stored as + opaque MPI. + + gpg: Fix a NULL-deref due to empty ring trust packets. 
+ + commit 39978487863066e59bb657f5fe4e8baab510da7e + * g10/parse-packet.c (parse_trust): Always allocate a packet. + +2015-02-04 Werner Koch <wk@gnupg.org> + + gpg-agent: Use "pinentry-basic" as fallback. + + commit 0de5c6a9a783ed9dc69cecbf34eadcaace4be243 + * common/homedir.c (get_default_pinentry_name): New. + (gnupg_module_name): Use that for the default pinentry. + (gnupg_module_name_flush_some): New. + * agent/gpg-agent.c (agent_sighup_action): Flush some module names. + * agent/call-pinentry.c (start_pinentry): Do not modify + opt.pinentry_program. + + w32: Add manifest to gpg. + + commit 05428d12561bc7eb872a81444918dfe706477a41 + * g10/gpg.w32-manifest.in: New. + * g10/gpg-w32info.rc: Add manifest. + * g10/Makefile.am (EXTRA_DIST): Add manifest. + (gpg-w32info.o): Depend on manifest. + * configure.ac (BUILD_VERSION): New. + (AC_CONFIG_FILES): Add manifest. + +2015-02-03 Werner Koch <wk@gnupg.org> + + Update copyright years. + + commit 3f67426a89bf4b37e1d2662fddc3eb4fa474c4ad + * common/w32info-rc.h.in (W32INFO_COMPANYNAME): Change to "The GnuPG + Project". + +2015-02-02 Werner Koch <wk@gnupg.org> + + w32: Change default Windows install dir and add bin to PATH. + + commit 8872657b2a52dd9698224b80e5672e23c5405eda + * build-aux/speedo.mk (WITH_GUI): New macro. The Windows installer is + now build by default without any GUI stuff. + * build-aux/speedo/w32/inst.nsi: Change standard installation + directory. + (AddToPath, un.RemoveFromPath): New. + (gnupginst): Add bin directory to the PATH. + +2015-02-01 Werner Koch <wk@gnupg.org> + + w32: Allow for Unicocde installation directory. + + commit 616633b7713081ecc39419494879947cc7f163d0 + * common/homedir.c (w32_rootdir): Use Unicode fucntion not only for + WinCE. + +2015-01-30 Joshua Rogers <git@internot.info> + + kbx: Fix resource leak. + + commit 7db6c82cec49b7c56c403a8ea98364086baf75f3 + * kbx/keybox-update.c (blob_filecopy): Fix resource leak. On error + return, 'fp' and 'newfp' was never closed. 
+ +2015-01-29 Werner Koch <wk@gnupg.org> + + agent: Fix use of imported but unprotected openpgp keys. + + commit 6ab0fac575a8b04152a199cb300a08436b096753 + * agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New. + * agent/command.c (do_one_keyinfo): Implement it. + * agent/findkey.c (agent_key_from_file): Ditto. + (agent_key_info_from_file): Ditto. + (agent_delete_key): Ditto. + * agent/protect.c (agent_private_key_type): Add detection for openpgp + "none" method. + +2015-01-29 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese Translation. + + commit 6c368533f5211bed62e8638f522cef65c7ba4b87 + + +2015-01-28 Werner Koch <wk@gnupg.org> + + gpg: Limit the size of key packets to a sensible value. + + commit 382ba4b137b42d5f25a7e256bb7c053ee5ac7b64 + * g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New. + (MAX_UID_PACKET_LENGTH): New. + (MAX_COMMENT_PACKET_LENGTH): New. + (MAX_ATTR_PACKET_LENGTH): New. + (parse_key): Limit the size of a key packet to 256k. + (parse_user_id): Use macro for the packet size limit. + (parse_attribute): Ditto. + (parse_comment): Ditto. + + gpg: Fix buffering problem in --list-config. + + commit d8eea25b8b7becbfa3f059be6f5966a2f1aa7112 + * g10/gpg.c (list_config): Replace print_sanitized_string2 by + es_write_sanitized. + + * common/stringhelp.c (print_sanitized_buffer2): Remove. + (print_sanitized_buffer, print_sanitized_utf8_buffer): Remove. + (print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove. + (print_sanitized_string): Remove. + + * sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP. + (pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove. + + Add a hook to be called right after main. + + commit 0c2bfd9d5a49a6134188f8f7820f6ccdebd9f181 + * common/init.c (early_system_init): New stub function. + + gpg: Allow predefined names as answer to the keygen.algo prompt. + + commit b1d5ed6ac842469afcb84868d0f6641dc286a6c7 + * g10/keygen.c (ask_algo): Add list of strings. 
+ + agent: Add some extra robustness to extract_private_key. + + commit 795965437732e50f6216d7f5db0e6174e90548a9 + * agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize". + Make sure that R_FLAGS and R_CURVE are set to NULL. + +2015-01-28 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix varargs call for 64-bit arch on ECC keys. + + commit f6d3c6e5263d84b94ebe13df9ff39b02109a2acb + * scd/app-openpgp.c (store_fpr): Remove CARD_VERSION from the + arguments. + (rsa_writekey): Follow the change. + (do_genkey): Likewise. + (ecc_writekey): Likewise. Cast to size_t. + +2015-01-27 Werner Koch <wk@gnupg.org> + + gpg: Fix segv introduced to commit 4d7c9b0. + + commit 6eebc56687935f3e993eac374b9f4cc5ad3bcf2b + * g10/keygen.c (get_parameter_passphrase): Take care of R == NULL. + +2015-01-27 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix agent_public_key_from_file for ECC. + + commit 9453d645d4a489f038829c80343c124fff62d635 + * agent/cvt-openpgp.c (extract_private_key): New. + (convert_to_openpgp): Use extract_private_key. + * agent/findkey.c (agent_public_key_from_file): Use + extract_private_key. + +2015-01-26 Werner Koch <wk@gnupg.org> + + sm: Simplify fix ed8383c6. + + commit 6c87d1ce66d8e93e6c0f16c06116e9179f6158ba + * sm/minip12.c (p12_build): Release PWBUF only at the end. + +2015-01-25 Joshua Rogers <git@internot.info> + + ccid: Remove incorrect expression leading to errors. + + commit 274d7b17a90908a90ba6ad295c08a79b287fc231 + * scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'. + +2015-01-23 Werner Koch <wk@gnupg.org> + + gpgconf: Fix validity check for UINT32 values. + + commit 3f6abb57a7b5e54b593c5775c8f7a07d61119705 + * tools/gpgconf-comp.c (option_check_validity): Enable check for + UINT32. + +2015-01-22 Werner Koch <wk@gnupg.org> + + gpg: Improve skipping of PGP-2 keys. + + commit 09e8f35d3808d6e49f891360c341aae3869e8650 + * g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy + keys. 
+ * g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY. + (prepare_search): Ditto. + (keyring_rebuild_cache): Skip legacy keys. + * g10/keyserver.c (keyidlist): Ditto. + * g10/trustdb.c (validate_key_list): Ditto. + + gpg: Add dedicated error code for PGP-2 keys. + + commit 6f3d11d8837b00e3a1c4fa881066855c0321d6b2 + * g10/parse-packet.c (parse_key): Return GPG_ERR_LEGACY_KEY for PGP2 + keys. + * g10/import.c (read_block): Simplify by checking GPG_ERR_LEGACY_KEY. + * g10/getkey.c (lookup): Silence error message for PGP-2 keys. + + * common/util.h (GPG_ERR_LEGACY_KEY): Add replacement for older + libgpg-error. + + gpg: Replace remaining old error code macros by GPG_ERR_. + + commit 11142e0ad7bc9a9e3c3dccf958d8dbd3312cb993 + * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by + gpg_strerror. + (G10ERR_): Remove all macros and change all occurrences by their + GPG_ERR_ counterparts. + + gpg: Remove an unused variable. + + commit a23c30fb59c0a216763a7972028995d3be42a844 + * g10/getkey.c (getkey_ctx_s): Remove last_rc. + +2015-01-21 Werner Koch <wk@gnupg.org> + + dirmngr: Fix TLS build problems. + + commit 091c35ec726a4fa4691c2665b13adee6a34b5b66 + * dirmngr/Makefile.am (AM_CFLAGS): Add flags for TLS libs. + + gpg: Support --passphrase with --quick-gen-key. + + commit 4d7c9b0e9aceedd924d600978bc1b6cae7d5c456 + * g10/keygen.c: Include shareddefs.h. + (quick_generate_keypair): Support static passphrase. + (get_parameter_passphrase): New. + (do_generate_keypair): Use it. + + gpg: Re-enable the "Passphrase" parameter for batch key generation. + + commit aa99ebde778b7b563f35025f1b48954757f840be + * agent/command.c (cmd_genkey): Add option --inq-passwd. + * agent/genkey.c (agent_genkey): Add new arg override_passphrase. + * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. + (agent_genkey): Add arg optional arg "passphrase". 
+ * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) + (gen_rsa, do_create): Add arg "passphrase" and pass it through. + (do_generate_keypair): Make use of pPASSPHRASE. + (release_parameter_list): Wipe out a passphrase parameter. + +2015-01-19 Werner Koch <wk@gnupg.org> + + kbx: Minor cleanup for the previous fix. + + commit 7be1b7d8017cb7ebf1a3855edec0ef5e342cc9c5 + * kbx/keybox-search.c (blob_get_keyid): Rename to + blob_get_first_keyid. Check number of keys and remove blob type check. + +2015-01-19 Damien Goutte-Gattat <dgouttegattat@incenp.org> + + kbx: Call skipfnc callback to filter out keys. + + commit c5956592c171e6fe988e74161aa99636b7f12e4b + * kbx/keybox-search.c (blob_get_keyid): New. + (keybox-search): Call skipfnc callback function. + +2015-01-13 Andreas Schwier <andreas.schwier@cardcontact.de> + + scd: Allow for certificates > 1024 with PC/SC. + + commit 16a1330fa16f6b23e2661c0175c431ab40da45ff + * scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too + allow for larger certificates. + +2015-01-08 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: Fix error code path of map_host. + + commit 657a26f3af1b3f817d6cde2d091273d332571247 + * dirmngr/ks-engine-hkp.c (map_host): Fix error return. + +2015-01-08 Joshua Rogers <git@internot.info> + + scd: fix get_public_key for OpenPGPcard v1.0. + + commit 100b322f5da3066bab5a2b0eb234c631c581c0e4 + * scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use. + +2015-01-07 NIIBE Yutaka <gniibe@fsij.org> + + dirmngr: fix LDAP query PATTERNS limit check. + + commit 22b15fccffe613f455f9748c048c8e451724a842 + * dirmngr/ldap.c (start_cert_fetch_ldap): fix ARGC limitation. + + scd: fix merge failure. + + commit 602f17b5a775f02e0e33a54d3155929dc00e4f53 + * scd/apdu.c (pcsc_pinpad_verify): Remove wrong lines inserted by + merge. + +2015-01-05 Werner Koch <wk@gnupg.org> + + sm,g13: Init local vars to avoid compiler warnings. 
+ + commit 9bf40849a9f86204e113712c4cc285f1ac16127a + * sm/misc.c (transform_sigval): Init RSA_S_LEN. + * g13/mount.c (read_keyblob): Init HEADERLEN. + + gpg: Remove unused args from a function. + + commit 616e511f278bf9af04dc66bbb8b05b37bf541f37 + * g10/keyserver.c (parse_keyserver_uri): Remove args configname and + configlineno. Change all callers. + + gpg: Clear a possible rest of the KDF secret buffer. + + commit 56e688823345bbcfef220b13eb418854f8798b16 + * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args. + + build: Require automake 1.14. + + commit 445bb17d5fe6b53db078082fb033dbc67eea8307 + * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests. + +2015-01-04 Werner Koch <wk@gnupg.org> + + agent: Make --allow-loopback-pinentry gpgconf changeable. + + commit ac2cb47fc5c0be539aaa07fd141acdbc0934800f + + +2014-12-22 Joshua Rogers <git@internot.info> + + tools: Free variable before return. + + commit cf88337f8a4f8c98aca4b1da5921d18567b4f474 + * tools/gpgconf-comp.c: Free 'dest_filename' before it is returned + upon error. + +2014-12-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + sm: Avoid double-free on iconv failure. + + commit ed8383c618e124cfa708c9ee87563fcdf2f4649c + * sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid + double-free of pwbuf. + + scd: Avoid double-free on error condition in scd. + + commit b0b3803e8c2959dd67ca96debc54b5c6464f0d41 + * scd/command.c (cmd_readkey): avoid double-free of cert + + avoid future chance of using uninitialized memory. + + commit 367b073ab5f439ccf0750461d10c69f36998bd62 + * common/iobuf.c: (iobuf_open): initialize len + + avoid double-close in unusual dotlock situations. + + commit 628b111fa679612e23c0d46505b1ecbbf091897d + * common/dotlock.c: (dotlock_create_unix) avoid double-close() + in unusual situations. + + gpgkey2ssh: clean up varargs. + + commit 351bca9047d748c3c4f7e9a3cdc476af127b1da3 + * tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called. 
+ +2014-12-22 Werner Koch <wk@gnupg.org> + + doc: Fix memory leak in yat2m. + + commit 6056d2467310260ddc0db2fe65b737ace6febcaa + * doc/yat2m.c (write_th): Free NAME. + + dirmngr: Fix memory leak. + + commit 5a556e4e88bcbc926c0922070acaf5f7b25d18fb + * dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak. + + * dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check. + + dirmngr: Remove un-needed check. + + commit 0d5cb55402c44fb5f731ecf85705f845f3091aa7 + * dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL. + + dirmngr,gpgsm: Return NULL on fail. + + commit abd5f6752d693b7f313c19604f0723ecec4d39a6 + * dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL. + * sm/gpgsm.c (parse_keyserver_line): Ditto. + +2014-12-22 NIIBE Yutaka <gniibe@fsij.org> + + scd: ECDH Support. + + commit bdc8efbdd124d836c36cf482216e375421f72891 + * agent/divert-scd.c (divert_pkdecrypt): Support ECDH. + * scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH. + (send_key_attr): Support ECDH. Fix EdDSA algorithm value. + (retrieve_key_material): Initialize fields. + (get_public_key, ecc_writekey, do_writekey): Support ECDH. + (ecdh_writekey): Remove. + (do_decipher): Support ECDH. + (parse_algorithm_attribute): Support ECDH. Fix EdDSA. + +2014-12-19 Werner Koch <wk@gnupg.org> + + agent: Make sure --max-cache-ttl is >= --default-cache-ttl. + + commit 76140141699b545f7a988bf5fc101063917e8ce3 + * agent/gpg-agent.c (finalize_rereadable_options): New. + (main, reread_configuration): Call it. + + agent: Keep the session environment for restricted connections. + + commit 14601eacb51f6c8a60d3d57aee1be11debd94c68 + * agent/command-ssh.c (setup_ssh_env): Move code to ... + * agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change + calllers. + * agent/command.c (start_command_handler): Call that fucntion for + restricted connections. + + agent: Fix string prepended to remotely initiated prompts. 
+ + commit aad8963f7b9d13b319abd413db8f42ec467db913 + * agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make + translatable. + +2014-12-18 Werner Koch <wk@gnupg.org> + + build: Remove option to build without agent. + + commit abec64f3cb04e49ca48cc476a5830a920e2ebf8f + * configure.ac (build-agent): Set to yes. + +2014-12-17 Werner Koch <wk@gnupg.org> + + gpgconf: Exit with failure if --launch fails. + + commit 5cb6df8996623c00eaa2a39e3037101585442f7e + * tools/gpgconf-comp.c (gc_component_launch): Return an error code. + * tools/gpgconf.c (main): Exit if launch failed. + +2014-12-16 Werner Koch <wk@gnupg.org> + + Release 2.1.1. + + commit 08c00cd4fe432d6852ad1d5c34a234c56aa3617c + + + po: Update the German translation. + + commit 4ba740bd4734c43e7876f6f6380cc5963789d510 + + +2014-12-16 Petr Pisar <petr.pisar@atlas.cz> + + po: Update Czech translation. + + commit 30560491fe42562f4bbdb17d3213f7210f549a0f + + +2014-12-16 Werner Koch <wk@gnupg.org> + + gpg: Show private DO information in the card status. + + commit ce9212924039fba4e479760bba86c61b0d91c469 + * g10/call-agent.c (agent_release_card_info): Free private_do. + (learn_status_cb): Parse PRIVATE-DO-n stati. + +2014-12-16 Ineiev <ineiev@gnu.org> + + po: Update Russian translation. + + commit 5ab5b3fa6921f08dd0a498fe0381735e803d01e3 + + +2014-12-16 Jedi <jedi@jedi.org> + + po: Update zh_TW translation. + + commit 668dc6b32cb97608ef65b85d917c86f5aec896ce + + +2014-12-15 Werner Koch <wk@gnupg.org> + + gpg: Add sub-command "factory-reset" to --card-edit. + + commit dd65e21cb4934b40e6f2f7a8095f39fd6d9971bc + * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. + * scd/iso7816.c (map_sw): Add this error code. + * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. + * scd/app.c (select_application): Allow a return value of + GPG_ERR_OBJ_TERM_STATE. + * scd/scdaemon.c (set_debug): Print the DBG_READER value. + * g10/call-agent.c (start_agent): Print a status line for the + termination state. 
+ (agent_scd_learn): Make arg "info" optional. + (agent_scd_apdu): New. + * g10/card-util.c (send_apdu): New. + (factory_reset): New. + (card_edit): Add command factory-reset. + + gpg: Fix regression in notation data regression. + + commit fc9a35d2dec2f838abac831fd88dca494773e082 + * g10/misc.c (pct_expando): Reorder conditions for clarity. + * g10/sign.c (write_signature_packets): Fix notation data creation. + + gpg: Avoid extra LF in notaion data listing. + + commit b4e402cb5c6d7fc507e8d5131969145b49640e50 + * g10/keylist.c (show_notation): Use log_printf. + +2014-12-12 Werner Koch <wk@gnupg.org> + + scd: Fix possibly inhibited checkpin of the admin pin. + + commit 68b4e7c9e4de0dc3580ca5af3cfd0f20a2691b5e + * scd/app-openpgp.c (do_check_pin): Do not check a byte of a released + buffer. + + gpg: Let --card--status create a shadow key (card key stub). + + commit f3f9f9b2844c35f7942ee904d5222523615cdad4 + * agent/command.c (cmd_learn): Add option --sendinfo. + * agent/learncard.c (agent_handle_learn): Add arg "send" andsend + certifciate only if that is set. + * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO + optional. + (agent_learn): Remove. + * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn. + + gpg: Fix possible read of unallocated memory. + + commit 193815030d20716d9a97850013ac3cc8749022c9 + * g10/parse-packet.c (can_handle_critical): Check content length + before calling can_handle_critical_notation. + +2014-12-11 Werner Koch <wk@gnupg.org> + + build: Replace deprecated autconf macro. + + commit 1d8ebe4d54eef37da65e7bd5d7386bc04f344447 + * m4/intl.m4: s/AM_PROG_MKDIR_P/AC_PROG_MKDIR_P/ + * m4/po.m4: Ditto. + +2014-12-08 Werner Koch <wk@gnupg.org> + + dirmngr: Improve dead host detection. + + commit e8c0ed779579293b3f4592d9337bc15ee0fc3fdd + * dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead + also for 2 other error messages. + + http: Improve diagnostic messages. 
+ + commit 6d5f12834124ba5ee0e54261531abf95c36c116c + * common/http.c (send_request): Print TLS alert info + (connect_server): Detect bogus DNS entry. + + gpg: Obsolete some keyserver helper options. + + commit 5bf93f4ea7a11381dd256b5fd4e5913366828265 + * g10/options.h (opt): Remove keyserver_options.other. + * g10/gpg.c (main): Obsolete option --honor-http-proxt. + * g10/keyserver.c (add_canonical_option): Replace by ... + (warn_kshelper_option): New. + (parse_keyserver_uri): Obsolete "x-broken-http". + + dirmngr: Return a proper error for all dead hosts. + + commit b72ece6d74d3e385e818ead748eba0cb111b95b3 + * dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t. + Return an error code for all dead hosts. + (make_host_part): Change to return an gpg_error_t. Change all + callers. + + gpg: Write a status line for a failed --send-keys. + + commit 66ab8f807c96b778f2a2c82b58d3e15ac295e1b2 + * g10/keyserver.c (keyserver_put): Write an status error. + +2014-12-08 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix for EdDSA. + + commit c50c11d5751f46ddb38244a5a07d8274e1e10922 + * scd/app-openpgp.c (get_algo_byte): It catches 22. + (store_fpr): It's MPI usually, but it's opaque bytes for EdDSA. + +2014-12-05 Andre Heinecke <aheinecke@intevation.de> + + Document no-allow-mark-trusted option. + + commit f4ed04fca8885301b567ec004ffff0d6e24f4611 + doc: Document no-allow-mark-trusted for gpg-agent + + * doc/gpg-agent.texi: Change allow-mark-trusted doc to + no-allow-mark-trusted. + + -- + Since rev. 78a56b14 allow-mark-trusted is the default option + and was replaced by no-allow-mark-trusted to disable the + interactive prompt. + +2014-12-05 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix for NIST P-256. + + commit 8720125f5a283ede34e52c2493b8a9b0226ae62c + * g10/card-util.c (card_store_subkey): Error check. + * scd/app-opengpg.c (ecc_writekey): Support NIST P-256. + (do_writekey): Error check. + +2014-12-04 Werner Koch <wk@gnupg.org> + + gpg: Allow import of large keys. 
+ + commit 63e7891f0f9f0228d93c6cd979fbf2797da2b67d + * g10/import.c (import): Skip too large keys. + * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB. + +2014-12-03 Werner Koch <wk@gnupg.org> + + gpg: Remove option aliases --[no-]throw-keyid and --notation-data. + + commit 17b4662984b4669d8dcbbd6705ccfbe6c263319c + * g10/gpg.c (opts): Remove them. + * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users. + +2014-12-02 Werner Koch <wk@gnupg.org> + + agent: Replace some sprintf. + + commit fabcf1440a6900b9471f11e4f2a015e9f2d1a74c + * agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex. + * agent/command-ssh.c (ssh_identity_register): Ditto. + * agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by + put_membuf_printf. + +2014-12-01 Werner Koch <wk@gnupg.org> + + tools: Improve watchgnupg portability. + + commit 0367a4b8cfbf1f197e093ca2b83b27e0a409c3c7 + * configure.ac (AC_CHECK_HEADERS): Check for sys.select.h + * tools/watchgnupg.c: Include it. + + gpg: Fix export bug using exact search with only one key in the keybox. + + commit f1c3eb4b16ca43b5d3712a3b54c22d17ce85af47 + * g10/export.c (do_export_stream): Disable caching. + * g10/keyserver.c (keyidlist): Ditto. + + scd: Implement socket redirection. + + commit 2f90b7c21b2f84ca2bf5f4555da9233e84606b4e + * scd/scdaemon.c (ENAMETOOLONG): New. + (redir_socket_name): New. + (cleanup): Take care of a redirected socket. + (main): Pass redir_socket_name to create_server_socket. + (create_socket_name): Remove superfluous length check. + (create_server_socket): Add arg r_redir_name and implement + redirection. Replace assert for older Assuan by an error message. + + dirmngr: Implement socket redirection. + + commit eede0e59bf6281777da7391752ae4191f3e51204 + * dirmngr/dirmngr.c (ENAMETOOLONG): new. + (redir_socket_name): New. + (main): Add Assuan socket redirection. + (cleanup): Adjust cleanup for redirection. 
+ +2014-11-28 Werner Koch <wk@gnupg.org> + + agent: Implement socket redirection. + + commit e1f515b19c7f63b6d0b0253319b9fc41dabed657 + * agent/gpg-agent.c (ENAMETOOLONG): New. + (redir_socket_name, redir_socket_name_extra) + (redir_socket_name_ssh): New. + (remove_socket): Take care of the redir names. + (main): Pass the redir names to create_server_socket. + (create_socket_name): Remove length check - that is anyway done later. + (create_server_socket): Add arg r_redir_name and implement redirection + if Libassuan is at least 2.14. + + gpg: Change another BUG() call to a regular error message. + + commit e59b1cc7471dd161a627b290c645ef7bd0d9d42c + * g10/mainproc.c (proc_tree): Replace BUG by a proper error messages. + + Add option --no-autostart. + + commit 7aee3579be6e24a1aa280e75615fc3a11ceef960 + * g10/gpg.c: Add option --no-autostart. + * sm/gpgsm.c: Ditto. + * g10/options.h (opt): Add field autostart. + * sm/gpgsm.h (opt): Ditto. + * g10/call-agent.c (start_agent): Print note if agent was not + autostarted. + * sm/call-agent.c (start_agent): Ditto. + * g10/call-dirmngr.c (create_context): Likewise. + * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. + +2014-11-27 Мирослав Николић <wk@gnupg.org> + + gpg-agent: Add restricted connection feature. + + commit f173cdcdfbfd083b035516a406c2c754f38a0ace + * agent/agent.h (opt): Add field extra_socket. + (server_control_s): Add field restricted. + * agent/command.c: Check restricted flag on many commands. + * agent/gpg-agent.c (oExtraSocket): New. + (opts): Add option --extra-socket. + (socket_name_extra): New. + (cleanup): Cleanup that socket name. + (main): Implement oExtraSocket. + (create_socket_name): Add arg homedir and change all callers. + (create_server_socket): Rename arg is_ssh to primary and change + callers. + (start_connection_thread): Take ctrl as arg. + (start_connection_thread_std): New. + (start_connection_thread_extra): New. 
+ (handle_connections): Add arg listen_fd_extra and replace the + connection starting code by parameterized loop. + * common/asshelp.c (start_new_gpg_agent): Detect the use of the + restricted mode and don't fail on sending the pinentry environment. + + * common/util.h (GPG_ERR_FORBIDDEN): New. + + agent: Make auditing of the option list easier. + + commit ccee34736b57a42ec4bdcb0d3181bdc6a08b0fff + * agent/gpg-agent.c (opts): Use ARGPARSE_ macros. + +2014-11-26 Kristian Fiskerstrand <kf@sumptuouscapital.com> + + dirmngr: Only report hkps scheme when available. + + commit 68a7ccc0c870cce6ab9fefb1aa6fd100e1de129b + * dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros. + +2014-11-26 Werner Koch <wk@gnupg.org> + + gpg: Change a bug() call to a regular error message. + + commit 1c2140346d6ef9c35e303099d2d15be57869b4d5 + * g10/decrypt-data.c (decrypt_data): Return an error code instead of + calling BUG(). + +2014-11-25 Werner Koch <wk@gnupg.org> + + Fix buffer overflow in openpgp_oid_to_str. + + commit 8445ef24fc31e1fe0291e17f90f9f06b536e34da + * common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow. + + * common/t-openpgp-oid.c (BADOID): New. + (test_openpgp_oid_to_str): Add test cases. + +2014-11-24 Werner Koch <wk@gnupg.org> + + gpg: Fix use of uninit.value in listing sig subpkts. + + commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8 + * g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket + sanitized. + + gpg: Fix off-by-one read in the attribute subpacket parser. + + commit 0988764397f99db4efef1eabcdb8072d6159af76 + * g10/parse-packet.c (parse_attribute_subpkts): Check that the + attribute packet is large enough for the subpacket type. + + gpg: Fix batch generation of ECC keys. + + commit b716e6a69919b89c7887d6c7c9b97e58d18fdf95 + * g10/keygen.c (get_parameter_algo): Map ECC algorithm strings + directly. 
+ +2014-11-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND} + + commit eed16ccebf8fd1fdf9709affbd5c831f6957b8ae + * common/argparse.c (initialize): Use correct value. + + gpg: Refer to --throw-keyids instead of --throw-keyid. + + commit a3cf781e3bc144aff60e007b9ba59bff7b1b2c9e + * g10/encrypt.c: adjust error message + +2014-11-21 Werner Koch <wk@gnupg.org> + + gpg: Track number of skipped v3 keys on import. + + commit 44c9cc18968b3e1d7568ec41ebf28a07285c61bb + * g10/import.c (stats_s): Add field v3keys. + (import): Update this field. + (import_print_stats): Print v3 key count. + (read_block): Skip v3 keys and return a count for them. + + gpg: Fix regression in parse_key. + + commit 94a54425144e412bc83e44b7c6323282f49f650f + * g10/parse-packet.c (parse): Better return just the gpg_err_code. + (parse_key): Return the error code. + + speedo: Add simple logos to the installer. + + commit 9a85b91e925ac0798d56820353bf5858b212277f + * build-aux/speedo/w32/README.txt: Include GnuPG Readme. + * build-aux/speedo/w32/gnupg-logo-150x57.bmp: New. + * build-aux/speedo/w32/gnupg-logo-164x314.bmp: New. + * build-aux/speedo/w32/inst.nsi: Add logos. + * build-aux/speedo.mk ($(bdir)/NEWS.tmp): Extract news items. + +2014-11-20 Werner Koch <wk@gnupg.org> + + gpg: Fix hash detection for ECDSA. + + commit f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd + * g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA. + + Fix linker problem on OS X. + + commit cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0 + * common/init.c (default_errsource): Move to the .data segmemt. + +2014-11-19 Werner Koch <wk@gnupg.org> + + gpg-connect-agent: Add convenience option --uiserver. + + commit 164a6a9dd4af26668dd0d01061688bf1ceff44bf + + + Add "gpgconf --kill dirmngr" and avoid useless launch before a kill. + + commit 0e7dd40342bd56810c27db1c38c1928f56f43bfd + * common/asshelp.c (start_new_gpg_agent): Add arg autostart. Change + all callers to use 1 for it. 
+ (start_new_dirmngr): Ditto. + * tools/gpg-connect-agent.c: Add option --no-autostart. + (main): Default autostart to 1. + (start_agent): Implement no-autostart. + * tools/gpgconf-comp.c (gpg_agent_runtime_change): Use --no-autostart. + (scdaemon_runtime_change): Ditto. + (dirmngr_runtime_change): New. + + po: Copied missing translations from the 2.0 branch. + + commit 329ece46bf83871f01eb833d5ebec6da36bfcce0 + * po/LINGUAS: Add new translations. + +2014-11-17 Werner Koch <wk@gnupg.org> + + gpg: Fix a NULL-deref for invalid input data. + + commit 32e85668b82f6fbcb824eea9548970804fb41d9e + * g10/mainproc.c (proc_encrypted): Take care of canceled passpharse + entry. + +2014-11-13 Werner Koch <wk@gnupg.org> + + gpg: Make the use of "--verify FILE" for detached sigs harder. + + commit 69384568f66a48eff3968bb1714aa13925580e9f + * g10/openfile.c (open_sigfile): Factor some code out to ... + (get_matching_datafile): new function. + * g10/plaintext.c (hash_datafiles): Do not try to find matching file + in batch mode. + * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly + matching data file is not used by a standard signatures. + + gpg: Fix a missing LF in debug output. + + commit 22748338da9a78d20aefe3656ba40b0f9d34a681 + * g10/kbnode.c (dump_kbnode): Print a LF. + + gpg: Remove PGP-2 related cruft. + + commit e30cb8f61792e3808f7c8f343fc8545e6c81fe74 + * g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash + header. + (fake_packet): Remove pgp-2 workaround for white space stripping. + * g10/filter.h (armor_filter_context_t): Remove field pgp2mode. + * g10/options.h (opt): Remove field pgp2_workarounds. + * g10/gpg.c (main): Do not set this field. + * g10/gpgv.c (main): Ditto. + * g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash + algo. Using MD5 here is useless. + (proc_plaintext): Remove PGP-2 related woraround + (proc_tree): Remove another workaround but keep the one for PGP-5. 
+ +2014-11-12 Werner Koch <wk@gnupg.org> + + gpg: Improve perceived speed of secret key listings. + + commit 81e177be10273885573f5d1fd88a1ee23479f4ab + * g10/keylist.c (list_keyblock): Flush stdout for secret keys. + + gpg: Fix regression in --refresh-keys. + + commit eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b + * g10/keyserver.c (keyserver_get): Factor all code out to ... + (keyserver_get_chunk): new. Extimate line length. + (keyserver_get): Split up requests into chunks. + + gpg: Add import options "keep-ownertrust". + + commit ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39 + * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. + * g10/import.c (parse_import_options): Add "keep-ownertrust". + (import_one): Act upon new option. + +2014-11-11 Werner Koch <wk@gnupg.org> + + Remove use of gnulib (part 2) + + commit b8cdfac353ad96d4ef025c066c16dbde34805661 + * configure.ac (strpbrk): Add to AC_CHECK_FUNCS. + (gl_EARLY): Remove. + * common/stringhelp.c (strpbrk) [!HAVE_STRPBRK]: New. + * common/sysutils.c (gnupg_mkdtemp): New. Based on code from + glibc-2.6. + (gnupg_setenv): Rewrite. + (gnupg_unsetenv): Rewrite. + * g10/exec.c: Include sysutils.h and replace mkdtemp by gnupg_mkdtemp. + * g13/be-encfs.c: Ditto. + * g13/mount.c: Ditto. + * tools/symcryptrun.c (confucius_mktmpdir): Ditto. + + Remove use of gnulib (part 1) + + commit 1adf719b2d8e2d5b912bf6655731e7e586402654 + * gl/: Remove entire tree. + * configure.ac: Remove gnulib tests and the gl/ Makefile. + (setenv): Add to AC_CHECK_FUNCS. + * autogen.rc (extra_aclocal_flags): Set to empty. + * Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4 + (SUBDIRS): Remove gl/. + * agent/Makefile.am (common_libs): Remove ../gl/gnulib.a + * common/Makefile.am (t_common_ldadd): Ditto. + * dirmngr/Makefile.am (dirmngr_LDADD): Ditto. + (dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto. + * g10/Makefile.am (needed_libs): Ditto. + * g13/Makefile.am (g13_LDADD): Ditto. + * kbx/Makefile.am (kbxutil_LDADD): Ditto. + ($(PROGRAMS)): Ditto. 
+ * scd/Makefile.am (scdaemon_LDADD): Ditto. + * sm/Makefile.am (common_libs): Ditto. + * tools/Makefile.am (common_libs, commonpth_libs): Ditto. + + * agent/gpg-agent.c: Remove "mkdtemp.h" + * g10/exec.c: Ditto. + * scd/scdaemon.c: Ditto. + * tools/symcryptrun.c: Ditto. + * common/sysutils.c: Remove "setenv.h" + + * common/t-timestuff.c: Use putenv if setenv is not available. + +2014-11-07 Werner Koch <wk@gnupg.org> + + gpg: Remove warning message for non-implemented search modes. + + commit 7362c8c6e60939588e817384ae2e29195cb3f518 + * kbx/keybox-search.c (keybox_search): Silently ignore. + * doc/specify-user-id.texi: Docuement '@", '+', and '.' search + prefixes. + + w32: Fix http access module. + + commit f0f5cb6b3e525f696b8820c517190e1d84f3b885 + * common/http.c (write_server) [W32]: Rework to use send() instead of + write even when build with npth. + (cookie_read) [W32]: Rework to use recv() instead of read even when + build with npth. + + build: Add method to use a custom swdb.lst and use adns with Windows. + + commit c7c79e31937e2d2fdb4042641786c229e31fbfae + * build-aux/getswdb.sh: Add option --skip-verify. + * build-aux/speedo.mk: Add config var CUSTOM_SWDB. Tage adns version + from swdb and build for Windows with adns. + + build: Improve test for ADNS. + + commit f7e1be24c8fcf588d4e48aa53a85b22bd035e3b0 + * configure.ac <adns>: Use adns_free as probe function for libadns. + (HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro. + (ADNSLIBS): Do not ac_subst - it is only used within configure. + +2014-11-05 Werner Koch <wk@gnupg.org> + + speedo: Append the date to the Windows installer. + + commit 8ec0b384a86bd7f67a60ab43ff1540e80c3f729d + * build-aux/speedo.mk (BUILD_DATESTR): New. + (dist-source, installer): Use it. + + Release 2.1.0. + + commit e22b459b910762f77245283746de34c67ebc72da + + + Avoid sign extension when shifting the MSB. 
+ + commit 91b826a38880fd8a989318585eb502582636ddd8 + * sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before + shifting. + * g10/build-packet.c (delete_sig_subpkt): Ditto. + +2014-11-04 Werner Koch <wk@gnupg.org> + + Remove all expired common CA certificates. + + commit 46fa1e0fe9f7407f12aa854e5cdb54624af3e89b + * doc/com-certs.pem: Remove certifciates. + +2014-11-02 Werner Koch <wk@gnupg.org> + + gpg: Avoid extra pinentries for each subkey in --export-secret-keys. + + commit f8c993fbe28bf02f1d7aadec823a9dfc935398fa + * agent/command.c (cmd_export_key): Actually implement the cache_nonce + feature. + * g10/export.c (do_export_stream): Make use of a cache_nonce. + + gpg: Fix endless loop in keylisting with fingerprint. + + commit d95f05c314adfecbe0af9073f964030010442f9b + * g10/getkey.c (getkey_next): Disable cache. + + gpg: Minor cleanup for key listing related code. + + commit 440e8f517008107a9fe1b72cb659b97b7d840de6 + * g10/getkey.c (get_pubkey_next): Divert to getkey_next. + (get_pubkey_end): Move code to getkey_end. + * g10/keydb.c (keydb_search_reset): Add a debug statement. + (dump_search_desc): Add arg HD and print the handle. + + gpg: Do not show an useless passphrase prompt in batch mode. + + commit a929f36693567e57eca89fb48f23cada8ce7291a + * g10/keygen.c: Remove unused PASSPHRASE related code. + (proc_parameter_file): Remove useless asking for a passphrase in batch + mode. + +2014-10-31 Werner Koch <wk@gnupg.org> + + gpg: Remove superfluous check for Libgcrypt >= 1.4.0. + + commit f4df71aa2d544ec46a2ded3055ffb21b9842129e + * g10/gpg.c (main): Remove check. + + kbx: Let keydb_search skip unwanted blobs. + + commit 935edf88ab29b2f63afc2a0e3af1b33c92033ab7 + * kbx/keybox.h (keybox_blobtype_t): New. + * kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*. + * kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip + non-matching blobs. + * sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search. 
+ * g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search. + + gpg: Fix --rebuild-keydb-caches. + + commit 28ae8ad70b3b802e67344468a4765eee6e291c68 + * g10/parse-packet.c (parse_key): Store even unsupported packet + versions. + * g10/keyring.c (keyring_rebuild_cache): Do not copy keys with + versions less than 4. + + gpg: Fix testing for secret key availability. + + commit 433208a5536608c2b40525eebadbbdeb7780d7f2 + * g10/getkey.c (have_secret_key_with_kid): Do not change the search + mode. + + build: Avoid distributing backup files etc. + + commit b47fe2b14e2a610706bdeff9dbd9a5f7bd6f6b3a + * Makefile.am (EXTRA_DIST): Do not include directories. + +2014-10-30 Werner Koch <wk@gnupg.org> + + tests: Speed up the genkey1024.test by using not so strong random. + + commit 9546aa3cc87fc83a40768a12fbbceb19496ce129 + * agent/gpg-agent.c (oDebugQuickRandom): New. + (opts): New option --debug-quick-random. + (main): Use new option. + * common/asshelp.c (start_new_gpg_agent): Add hack to pass an + additional argument for the agent name. + * tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent + starting parameters. + * tests/openpgp/version.test: Ditto. + +2014-10-29 Werner Koch <wk@gnupg.org> + + common: Check option arguments for a valid range. + + commit 0d73a242cb53522669cf712b5ece7d1ed05d003a + * common/argparse.h (ARGPARSE_INVALID_ARG): New. + * common/argparse.c: Include limits h and errno.h. + (initialize): Add error strings for new error constant. + (set_opt_arg): Add range checking. + + Fix stdint.h problem for Apple. + + commit f5592fcff308007322a201c970a6d5e8763c9fe3 + * gl/stdint_.h [__APPLE__]: Include hack. + +2014-10-27 Werner Koch <wk@gnupg.org> + + speedo: Fixes for native build. + + commit 158fe900183daf745821dea7a70cf1c673cd8de0 + * build-aux/speedo.mk (TARGETOS): Init with empty string. + (speedo_pkg_gnupg_configure): Use --enable-gpg2-is-gpg only for w32. + (INST_VERSION, INST_PROD_VERSION): Create only for w32. 
+ +2014-10-24 Werner Koch <wk@gnupg.org> + + agent: Support pinentries with integrated repeat passphrase feature. + + commit c9aadcb3a248632c07391ff3d829bece9320a901 + * agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and + with_repeat. + * agent/call-pinentry.c (close_button_status_cb): Rewrite and check + for PIN_REPEAT. Change users to check only the relevant bit. + (agent_askpin): Support repeat logic of new Pinentries. + + * agent/command-ssh.c (ssh_identity_register): Use the new repeat + feature. + * agent/genkey.c (agent_ask_new_passphrase): Ditto. + +2014-10-19 Werner Koch <wk@gnupg.org> + + gpg: Silence "packet with obsolete versoin" warnings. + + commit 472a4a0d82add2d17154fa38e0074eaea56c28c1 + * g10/parse-packet.c (parse_key): Print warning only in very verbose + mode. + + gpg: Make card key generation work again. + + commit 1b8decc4767f0c55867327bdf3113204efcd19a7 + * g10/call-agent.c (agent_scd_learn): Rename from agent_learn. + (agent_learn): New. + * g10/keygen.c (gen_card_key): Call new agent-learn. + +2014-10-17 Werner Koch <wk@gnupg.org> + + dirmngr: Allow building without LDAP support. + + commit 6d9491842d5da597980eaa59e1e3e2137965fe09 + * configure.ac: Add option --disable-ldap. + (USE_LDAP): New ac_define and am_conditional. + * dirmngr/Makefile.am: Take care of USE_LDAP. + * dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options + and do not call any ldap function. + * dirmngr/server.c (!USE_LDAP): Do not call any ldap function. + * dirmngr/crlfetch.c (!USE_LDAP): Ditto. + + w32: Set SYSROOT to help finding config scripts. + + commit a13705f4c18db56765f4af31376e81241dbabebe + * autogen.sh <build-w32>: Set SYSROOT. + + gpg: Remove all support for v3 keys and always create v4-signatures. + + commit 8fd150b05b744fe9465057c12529d5e6b6b02785 + * g10/build-packet.c (do_key): Remove support for building v3 keys. + * g10/parse-packet.c (read_protected_v3_mpi): Remove. + (parse_key): Remove support for v3-keys. 
Add dedicated warnings for + v3-key packets. + * g10/keyid.c (hash_public_key): Remove v3-key support. + (keyid_from_pk): Ditto. + (fingerprint_from_pk): Ditto. + + * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs. + * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs, + oForceV4Certs, oNoForceV4Certs. + (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs, + --no-force-v4-certs int dummy options. + (main): Remove setting of the force_v3_sigs force_v4_certs flags. + * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs. + * g10/sign.c (hash_uid): Remove support for v3-signatures + (hash_sigversion_to_magic): Ditto. + (only_old_style): Remove this v3-key function. + (write_signature_packets): Remove support for creating v3-signatures. + (sign_file): Ditto. + (sign_symencrypt_file): Ditto. + (clearsign_file): Ditto. Remove code to emit no Hash armor line if + only v3-keys are used. + (make_keysig_packet): Remove arg SIGVERSION and force using + v4-signatures. Change all callers to not pass a value for this arg. + Remove all v3-key related code. + (update_keysig_packet): Remove v3-signature support. + * g10/keyedit.c (sign_uids): Always create v4-signatures. + + * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and + change caller. + +2014-10-13 Werner Koch <wk@gnupg.org> + + gpg: Remove extra RSA import status line. + + commit fab89f159bcb36ea7285af661d5756eefa981822 + * g10/import.c (stats_s): Remove field "imported_rsa". + (import_print_stats): Do not print separate value for RSA. + (import_one): Remove the RSA counter. + + gpg: Fix informative printing of user ids. + + commit 21c0ea6bafafbcc4a2e07f0ac76275cc0229e9a0 + * g10/getkey.c (keyid_list): Add field "fpr". + (cache_user_id): Store fpr and check for dups only by fpr. + (get_pubkey_byfpr): New. + (get_user_id_string): Make static and use xasprintf. + (get_long_user_id_string): Use xasprintf. + (get_user_id_byfpr): New. 
+ (get_user_id_byfpr_native): New. + * g10/keyid.c (fingerprint_from_pk): Make arg RET_LEN optional. + * g10/import.c (import_one): Use get_user_id_byfpr_native. + + gpg: Allow importing keys with duplicated long key ids. + + commit c60814a5ce13932d933b363abc0c60c12783ae2f + * g10/keydb.c (keydb_handle): Add field no_caching. + (keyblock_cache): Repalce field kid by fpr. + (keydb_disable_caching): New. + (keydb_search): Use the fingerprint as cache index. + + * g10/import.c (import_one): Use the fingerprint and not the kid to + lookup the key. Call keydb_disable_caching beofre re-searching for + update. + + * tests/openpgp/import.test: Add a test case. + + tests: Speed up conventional encryption tests for gpg. + + commit 2543f0ab9c7b4247347688863f898667bae31984 + * tests/openpgp/conventional-mdc.test: Add an s2k-count option. + * tests/openpgp/conventional.test: Ditto. + +2014-10-12 Werner Koch <wk@gnupg.org> + + gpg: Minor change for better readability. + + commit 2d68dc437e7de92619abe3a019b0a7606487b6bf + * g10/build-packet.c (write_version): Remove. + (do_pubkey_enc, do_onepass_sig): Write version directly. + +2014-10-10 Werner Koch <wk@gnupg.org> + + doc: Fix a man page rendering problem. + + commit 5b5e5a6027ae1743719e112aa4e9055f1b8133a7 + * doc/gpg-agent.texi (Agent Configuration): Fix rendering of the + sshcontrol example. + +2014-10-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: Add build and runtime support for larger RSA keys. + + commit 6cabb7a2a18f871b8c3d5de58bcdc5aaa5b201af + * configure.ac: Added --enable-large-secmem option. + * g10/options.h: Add opt.flags.large_rsa. + * g10/gpg.c: Contingent on configure option: adjust secmem size, + add gpg --enable-large-rsa, bound to opt.flags.large_rsa. + * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa + * doc/gpg.texi: Document --enable-large-rsa. + +2014-10-09 Werner Koch <wk@gnupg.org> + + gpg: Skip overlong keys and a print a warning. 
+ + commit 2ca90f78cee91c43b8d538d1cb92728f8e1452d5 + * kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too + long blobs. + * sm/keydb.c (keydb_search): Call keybox_search with a dummy param. + * g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs. + (keydb_search_reset): Reset that field. + (keydb_search): Update that field. + (keydb_get_skipped_counter): New. + * g10/keylist.c (list_all): Print count of skipped keys. + + gpg: Sync keylist output and warning messages. + + commit 60e21d8b85888b8c9ea15c70268f98d780fdf5fb + * g10/keylist.c (list_all): Flush stdout before logging. + * g10/misc.c (print_pubkey_algo_note): Ditto. + (print_cipher_algo_note): Ditto. + (print_digest_algo_note): Ditto. + (print_md5_rejected_note): Ditto. + + kbx: Fix handling of overlong keys. + + commit b6507bb80e4e4aa5c85a918fdcf5c28cccb75081 + * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 10^6 to 2MiB. + (_keybox_read_blob2): Skip too long record records. + (_keybox_write_blob): Do not accept too long record. + * kbx/keybox-dump.c (file_stats_s): Add field skipped_long_blobs. + (_keybox_dump_file): Print new counter. + (_keybox_dump_file): Skip too long records. + ---- + + To test this feature you may set the limit back to 1MiB and use key + F7F0E70F307D56ED which is in my local copy close to 2MiB. Without + this patch it was possible to import the key but access to that key + and all keys stored after it was not possible. + + gpg: Take care to use pubring.kbx if it has ever been used. + + commit ec332d58efc50f6508b87fc9f51db68c39cee044 + * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp. + * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header + flag. + * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp + and set header flag. + * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static + and add arg for_openpgp. + (keybox_new_openpgp, keybox_new_x509): New. 
Use them instead of the + former keybox_new. + * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the + openpgp header flags. + + * g10/keydb.c (rt_from_file): New. Factored out and extended from + keydb_add_resource. + (keydb_add_resource): Switch to the kbx file if it has the openpgp + flag set. + + * kbx/keybox-dump.c (dump_header_blob): Print header flags. + +2014-10-09 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + Avoid unnecessary library linkage. + + commit 27fe067efea883629354450a042ad09e47d90ff8 + * dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap + * g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not + need $(LIBASSUAN_LIBS) + * sm/Makefile.am: gpgsm does not need $(ZLIBS) + * tools/Makefile.am: gpgconf does not need $(NPTH_LIBS) + +2014-10-08 Werner Koch <wk@gnupg.org> + + gpg: Avoid error exit if keygrip computations fails in a key listing. + + commit 3ae6afc1336d42bd95fa0b7f5f83bd299ae26b97 + * g10/keyid.c (keygrip_from_pk): Use log_info and clear array on error. + +2014-10-03 Werner Koch <wk@gnupg.org> + + Release 2.1.0-beta864. + + commit 0943c7cc23371943e9670a2f35c318d847cbac6a + + + gpg: Allow creating a cert-only primary key. + + commit bc8583f247898a1fa45f6de834d34b335ab1952c + * g10/keygen.c (ask_key_flags): Allow a 'c' in direct entry. + + build: Add configure options --disable-{ntb,gnu}tls. + + commit 6522a68d8d11e15ee77102e6830f251c2d9f440d + * configure.ac: Add --disable-ntbtls and --disable-gnutls. + +2014-10-03 Andre Heinecke <aheinecke@intevation.de> + + gpg: Check gpg-agent version before 2.1 migration. + + commit a6fcdbc9e0fc0e45a3badc23813e689e83059b61 + * g10/call-agent.c, g10/call-agent.h (agent_get_version): New. + * g10/migrate.c (migrate_secring): Abort migration if + agent_get_version returns not at least 2.1.0 + +2014-10-03 Werner Koch <wk@gnupg.org> + + po: Update German translation. + + commit b15d5d42adf31c0797797ebe19c471ab6f52c668 + + + Remove support for the GPG_AGENT_INFO envvar. 
+ + commit 9c380384dafb213334f8834178c5ceb0bf33db6e + * agent/agent.h (opt): Remove field use_standard_socket. + * agent/command.c (cmd_killagent): Always allow killing. + * agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and + --write-env-file into dummy options. Always return true for + --use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar + setting or set that envvar. + (create_socket_name): Simplify by removing non standard socket + support. + (check_for_running_agent): Ditto. + * common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use. + * common/simple-pwquery.c (agent_open): Ditto. + * configure.ac (GPG_AGENT_INFO_NAME): Remove. + * g10/server.c (gpg_server): Do not print the AgentInfo comment. + * g13/server.c (g13_server): Ditto. + * sm/server.c (gpgsm_server): Ditto. + * tools/gpgconf.c (main): Simplify by removing non standard socket + support. + +2014-10-02 Werner Koch <wk@gnupg.org> + + gpg: Fix regression removing SHA256. + + commit 688a903b4b3ad348c0d09e9d3fab8a12f4f94311 + * g10/misc.c (map_md_openpgp_to_gcry): Always use SHA256. + + First changes for future use of NTBTLS. + + commit f2361e6d582d4343d71d294ed1da654afe7750ee + * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. + (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. + * m4/ntbtls.m4: New. + * m4/Makefile.am (EXTRA_DIST): Add new file. + * common/http.c: Add conditionals to eventually use NTBTLS. + + build: Update m4 scripts. + + commit 6bc0cd6202033be113999dbf27be4014bdf2c784 + * m4/gpg-error.m4: Update from Libgpg-error git master. + * m4/libgcrypt.m4: Update from Libgcrypt git master. + * configure.ac: Declare SYSROOT a precious variable. Add extra error + message for library configuration mismatches. + +2014-09-29 Werner Koch <wk@gnupg.org> + + doc: Remove GnuPG-1 related parts from gpg.texi. + + commit edd191e5b006dc6ace1d41672e7201cbe58c41c9 + * doc/Makefile.am (YAT2M_OPTIONS): Add 2.1 to the source info. + * doc/gpg.texi: Remove gpg1 related texts. 
+ +2014-09-27 Werner Koch <wk@gnupg.org> + + gpg: Default to SHA-256 for all signature types on RSA keys. + + commit d33246700578cddd1cb8ed8164cfbba50aba4ef3 + * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in + strict RFC or PGP modes. + * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for + RSA key signatures. + * configure.ac: Do not allow to disable sha256. + + gpg: Simplify command --gen-key and add --full-gen-key. + + commit f3625bb018fa8d5bc754f982996f8788386f0a9d + * g10/gpg.c (aFullKeygen): New. + (opts): Add command --full-key-gen. + (main): Implement it. + * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although + the value is identical. + (DEFAULT_STD_CURVE): New. + (DEFAULT_STD_SUBALGO): New. + (DEFAULT_STD_SUBKEYSIZE): New. + (DEFAULT_STD_SUBCURVE): New. + (quick_generate_keypair): Use new macros here. + (generate_keypair): Add arg "full" and fix call callers. Do not ask + for keysize in non-full node. + (ask_user_id): Add arg "full" and simplify for non-full mode. + +2014-09-26 Werner Koch <wk@gnupg.org> + + gpg: Add shortcut for setting key capabilities. + + commit 7ff4ea2160e87a16bf701552d3b9c7ab1c42f9ec + * g10/keygen.c (ask_key_flags): Add shortcut '='. + * doc/help.txt (gpg.keygen.flags): New. + +2014-09-25 Werner Koch <wk@gnupg.org> + + gpg: Do not always print dashes in obsolete_option. + + commit 20c6da50d4f6264d26d113d7de606971f719a0ca + * g10/gpg.c (main): Pass option names to obsolete_option without + double dash. + * g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double + dash only for command line options. + +2014-09-25 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. + + commit 371c2b14b0347209efd23b4e54e1981a12d7aeab + * g10/gpg.c: Add config options that should belong in scdaemon.conf + * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. 
+ +2014-09-22 Werner Koch <wk@gnupg.org> + + speedo: Check that wget and gpgv are installed. + + commit 59b6f6f16e095162358ac2001aeb2c058de2fd1e + * build-aux/getswdb.sh: Check for required tools. + + speedo: Autodetect sha1sum tools. + + commit 2427bc5bc76b00cfe790e1f370113f5b4199e8fa + * build-aux/getswdb.sh: Add option --find-sha1sum. + * build-aux/speedo.mk (check-tools): New phony target. Not yet used. + (SHA1SUM): New var. Use it instead of sha1sum. + + gpg: Create default keyring with .kbx suffix. + + commit bc2f5c1d1afbe8ba413e594639fd05f19df32f75 + * g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity. + (keydb_add_resource): Fix order of args to maybe_create_keyring_or_box + and check and create .kbx. + +2014-09-20 Werner Koch <wk@gnupg.org> + + gpg: --delete-secret-key - check that a secret key exists. + + commit 1d33d03f0bb576601f5eef1a548cbc519f251b17 + * g10/delkey.c (do_delete_key): Check availibility of a secret key. + + gpg: Make algorithm selection prompt for ECC more clear. + + commit cf648fc5c8cb20bfea4fd303631ba311bbaf3659 + * g10/keygen.c (ask_algo): Change 9 to "ECC and ECC". + +2014-09-18 Werner Koch <wk@gnupg.org> + + Release 2.1.0-beta834. + + commit 93f158df381af86036332c4314c2d4a64eab3e62 + + + speedo: Distribute needed files. + + commit 72a16d80d4505aa0ff509aae41f848bbe42ed129 + * Makefile.am (EXTRA_DIST): Add speedo stuff. + + build: Enable gpgtar by default. + + commit 345a8374f31e637a99e6438e527670cf6845ca05 + + + common: Do not build maintainer modules in non-maintainer mode. + + commit 927db789c19cbe5656ff980841ee37dd3a8989e7 + * common/Makefile.am (module_maint_tests): Use only in maintainer + mode. + (t_common_cflags): New. + + common: Remove superfluous statements. + + commit cad181b5ece3ab6910575c82c731ce2b47271a09 + * common/exechelp-posix.c: Remove weak pragmas. + * common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double + const. + + g13: Avoid segv after pipe creation failure. 
+ + commit 6e7bcabd781a3ca9ad7dd90d962fb2a239feab4a + * g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an + early error. + (gpg_decrypt_blob): Ditto. + + scd: Fix int/short mismatch in format string of app-p15.c. + + commit b17e8bbf20239e840763f98d3e62f16efdc82ba3 + * scd/app-p15.c (parse_certid): Use snprintf and cast value. + (send_certinfo): Ditto. + (send_keypairinfo): Ditto. + (do_getattr): Ditto. + + agent: Init a local variable in the error case. + + commit f82a6e0f08725008c5bbf702a5f4c175ea09f01c + * agent/pksign.c (do_encode_md): Init HASH on error. + + agent: Remove left over debug output. + + commit 4f35ef499ac913036b7b69296a62afe8159b90b8 + * agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug + output. + + agent: Silence compiler warning for a debug message. + + commit ba6f8b3d9ec83b35c4f3839853567491fee2f99c + * agent/call-pinentry.c (agent_query_dump_state): Use %p for + POPUP_TID. + + sm: Silence compiler warnings. + + commit 34b2e8c7dcb0edb28f99edbd788d73491334e3c0 + * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I. + * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler + warning. + + gpg: Silence a compiler warning. + + commit 6a0c3fa19cfcdd590b96691e8a8ffb48fb5e0ec4 + * g10/parse-packet.c (enum_sig_subpkt): Replace hack. + + gpg: Replace a hash algo test function. + + commit 327134934d79d141d92170ad3b4a6ef3cb718ee0 + * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. + + speedo: Various fixes. + + commit 2f065d7ab6c514013eb8504281f50284764c26ec + * build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org. Minor + other fixes. + +2014-09-17 Werner Koch <wk@gnupg.org> + + gpg: Print a warning if the subkey expiration may not be what you want. + + commit ae3d1bbb65b65cf3c57bb14886be120f5e31635d + * g10/keyedit.c (subkey_expire_warning): New. + (keyedit_menu): Call it when needed. + + gpg: Improve passphrase caching. 
+ + commit 457bce5cd39146df047e4740162125c32c738789 + * agent/cache.c (last_stored_cache_key): New. + (agent_get_cache): Allow NULL for KEY. + (agent_store_cache_hit): New. + * agent/findkey.c (unprotect): Call new function and try to use the + last stored key. + + * g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to + make_keysig_packet. + (gen_standard_revoke): Add arg CACHE_NONCE and pass to + create_revocation. + * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with + cache nonce. + +2014-09-12 Werner Koch <wk@gnupg.org> + + gpg: Use algorithm id 22 for EdDSA. + + commit 83c2d2396cc9fa6bdd887a560830fc0f48b01b08 + * common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22. + * g10/keygen.c (ask_curve): Reword the Curve25519 warning note. + +2014-09-11 Werner Koch <wk@gnupg.org> + + gpg: Stop early on bogus old style comment packets. + + commit 3d250d21d36e8a0935b645f1ed5134ef9083530e + * g10/parse-packet.c (parse_key): Take care of too short packets for + old style commet packets. + +2014-09-10 Werner Koch <wk@gnupg.org> + + dirmngr: Support https for KS_FETCH. + + commit 84419f42da0fd436a9e0e669730157e74ce38b77 + * dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ... + * dirmngr/misc.c (cert_log_cb): here. + * dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection + and https. + + dirmngr: Fix the ks_fetch command for the http scheme. + + commit 3b20cc21de86ac8a475bdefd3aebb02a12fb8d0b + * common/http.c (http_session_ref): Allow for NULL arg. + +2014-09-08 Werner Koch <wk@gnupg.org> + + gpg: Fix memory leak in ECC encryption. + + commit 98f65291d7abecc1e4d618125f33b6ce759e0892 + * g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error + handling. + +2014-09-02 Werner Koch <wk@gnupg.org> + + gpg: Fix export of NIST ECC keys. + + commit bf2fc12b83b45953f7afa403b8d91c36d0b50ec9 + * common/openpgp-oid.c (struct oidtable): New. + (openpgp_curve_to_oid): Rewrite and allow OID as input. 
+ (openpgp_oid_to_curve): Make use of the new table. + + agent: Fix import of OpenPGP EdDSA keys. + + commit afe85582ddc2ebc285728bf6417f8929fd0b3281 + * agent/cvt-openpgp.c (get_keygrip): Special case EdDSA. + (convert_secret_key): Ditto. + (convert_transfer_key): Ditto. + (apply_protection): Handle opaque MPIs. + + (do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before + unpacking an opaque mpi. + +2014-09-01 Kyle Butt <kylebutt@gmail.com> + + gpg: Fix export of ecc secret keys by adjusting check ordering. + + commit 4054d86abcb7ad953ed9e988b1765cb9266faefd + * g10/export.c (transfer_format_to_openpgp): Move the check against + PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of + parameters. + +2014-09-01 Werner Koch <wk@gnupg.org> + + agent: Allow key unprotection using AES-256. + + commit c913e09ebdbb1a1e9838a0a5897448841f5e9bc3 + * agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for + clarity. + (do_decryption): Add args prot_cipher and prot_cipher_keylen. USe + them instead of the hardwired values. + (agent_unprotect): Change to use a table of protection algorithms. + Add AES-256 variant. + +2014-08-28 Werner Koch <wk@gnupg.org> + + gpg: Do not show "MD5" and triplicated "RSA" in --version. + + commit be98b5960ebd48929c399b0b91c95bfc0cb9749b + * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases + (build_list_md_test_algo): Ignore MD5. + + gpg: Do not show "MD5" and triplicated "RSA" in --version. + + commit 40ad42dbe3c67d8103aedb6b584f4bedc5f93307 + * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases + (build_list_md_test_algo): Ignore MD5. + +2014-08-26 Werner Koch <wk@gnupg.org> + + gpg: Remove CAST5 from the default prefs and order SHA-1 last. + + commit 15cfd9a3bcdd561091a28c8f989c616b87348463 + * g10/keygen.c (keygen_set_std_prefs): Update prefs. + + Switch to the libgpg-error provided estream. + + commit 519305feb888b529c005b40445d041a088a2f8fc + * configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14. 
+ (GPGRT_ENABLE_ES_MACROS): Define. + (estream_INIT): Remove. + * m4/estream.m4: Remove. + * common/estream-printf.c, common/estream-printf.h: Remove. + * common/estream.c, common/estream.h: Remove. + * common/init.c (_init_common_subsystems): Call gpgrt initialization. + + gpg: Allow for positional parameters in the passphrase prompt. + + commit a731c22952278c12c601b73d7581fda3a15a4b5b + * g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf. + +2014-08-20 Werner Koch <wk@gnupg.org> + + gpg: Fix "can't handle public key algorithm" warning. + + commit cb680c5ea540738692a5c74951802b0fdc658e85 + * g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign + capabilities. + +2014-08-19 Werner Koch <wk@gnupg.org> + + speedo: Get version numbers from online database. + + commit 31649e72fd106a990614ce3cf720640a841ba722 + * build-aux/getswdb.sh: New. + * build-aux/speedo.mk: Get release version numbers from swdb.lst. + + build: Create VERSION file via autoconf. + + commit 4fc1c712e986f280057b1bce7ca4696ba6d95dfc + * Makefile.am (dist-hook): Remove creation of VERSION. + (EXTRA_DIST): Add VERSION. + * configure.ac: Let autoconf create VERSION. + +2014-08-18 Werner Koch <wk@gnupg.org> + + gpg: Install the current release signing pubkey. + + commit e5da80bc1888bf8801e69c9ff99f7f47550f7a09 + * g10/distsigkey.gpg: New. + + agent: Return NO_SECKEY instead of ENONET for PKSIGN and others. + + commit 3981ff15f3c0829ba22cd37794353502d996683c + * agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY. + * agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY. + * agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT. + + kbx: Make user id and signature data optional for OpenPGP. + + commit e4aa006e4807285ffdd881e4e05af3bc47c5c964 + * kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction. + + gpg: Change default cipher for --symmetric from CAST5 to AES-128. 
+ + commit 57df1121c18b004dd763b35eabf7b51fc9e8ec38 + * g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES + depending on configure option. + * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO. + + yat2m: Support @set and @value. + + commit 425d0750168f6b66a5d78a857cf21375a8f129eb + * doc/yat2m.c (variablelist): New. + (set_variable): New. + (macro_set_p): Also check the variables. + (proc_texi_cmd): Support the @value command. + (parse_file): Support the @set command. + (top_parse_file): Release variablelist. + + yat2m: Support the $* command for man page rendering. + + commit 7e51ef0f77962f5fb215da53817caf28899ca190 + + +2014-08-17 Werner Koch <wk@gnupg.org> + + estream: Change license from GPL to LPGL. + + commit af1196512f505e8a3a338f9b72394fa3585a5234 + * common/estream-printf.c, common/estream-printf.h: Change license. + * common/estream.c, common/estream.h: Ditto. + +2014-08-14 Werner Koch <wk@gnupg.org> + + Release 2.1.0-beta783. + + commit a13198d9bcee368a8de7a401feb017efc83ff795 + + + po: Update the German (de) translation. + + commit fe9ff33b9dc8793957998341cf4bcf5e50827b41 + + + sm: Create homedir and lock empty keybox creation. + + commit c4b60cdae8dbf68206fd105fd09adeb61a9dafe4 + * sm/gpgsm.h (opt): Add field "no_homedir_creation". + * sm/gpgsm.c (main): Set it if --no-options is used. + * sm/keydb.c (try_make_homedir): New. Similar to the one from + g10/openfile.c. + (maybe_create_keybox): New. Similar to the one from g10/keydb.c. + (keydb_add_resource): Replace some code by maybe_create_keybox. + + gpg: Screen keyserver responses. + + commit c23c18c1543d1ff58f0f78baaa6a8e319c659ecb + * g10/main.h (import_screener_t): New. + * g10/import.c (import): Add screener callbacks to param list. + (import_one): Ditto. + (import_secret_one): Ditto. + (import_keys_internal): Ditto. + (import_keys_stream): Ditto. + * g10/keyserver.c (struct ks_retrieval_screener_arg_s): New. + (keyserver_retrieval_screener): New. 
+ (keyserver_get): Pass screener to import_keys_es_stream(). + + scd: Minor changes to app-sc-hsm. + + commit a61b28df1f29b1e306115282ec1ce580fa54945a + * scd/app-sc-hsm.c: Re-indendet some parts and set some vars to NULL + after xfree for improbed robustness. + (read_ef_prkd): Replace serial operator by blocks for better + readability. + (apply_PKCS_padding): Rewrite for easier auditing. + (strip_PKCS15_padding): Ditto. Add stricter check on SRCLEN. + + gpg: Disable an MD5 workaround for pgp2 by default. + + commit ae29b52119aa419989b773b2d6abb6e287dfc81b + * g10/sig-check.c (do_check): Move some code to ... + * g10/misc.c (print_md5_rejected_note): new function. + * g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround + only if option --allow-weak-digest-algos is used. + + gpg: Remove options --pgp2 and --rfc1991. + + commit 2b8d8369d59249b89526c18c5ac276e6445dc35e + * g10/gpg.c (oRFC1991, oPGP2): Remove + (opts): Remove --pgp2 and --rfc1991. + * g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users. + (RFC2440, PGP2): Remove. Remove all code only enabled by these + conditions. + * tests/openpgp/clearsig.test: Remove --rfc1991 test. + + build: Fix autogen.sh base version hack. + + commit 49c9a958e0b786850309bca555d4465c97d337e1 + * autogen.sh <find-version>: Fix. + + gpg: Remove --compress-keys and --compress-sigs feature. + + commit 71b55e91f02cdb65a8884892f71c4c7bf8a75247 + * g10/gpg.c (oCompressKeys, oCompressSigs): Remove. + (opts): Turn --compress-keys and --compress-signs in NOPs. + * g10/options.h (opt): Remove fields compress_keys and compress_sigs. + * g10/export.c (do_export): Remove compress_keys feature. + * g10/sign.c (sign_file): Remove compress_sigs feature. + +2014-08-13 Werner Koch <wk@gnupg.org> + + gpg: Add list-option "show-usage". + + commit 7d0492075ea638607309b3ea6a792b0e95ea7d98 + * g10/gpg.c (parse_list_options): Add "show-usage". + * g10/options.h (LIST_SHOW_USAGE): New. 
+ * g10/keyid.c (usagestr_from_pk): Add arg FILL. Change caller. + * g10/keylist.c (list_keyblock_print): Print usage info. + +2014-08-12 Werner Koch <wk@gnupg.org> + + gpg: Make --with-colons work again for --search-keys. + + commit a57c33c855c6757c8770529ee71f0f90744cd7a6 + * g10/keyserver.c (search_line_handler): Replace log_debug by + es_printf. + +2014-08-08 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. + + commit 2d9f76e07082fc231303ac2c6ae1aea3c98fa2e4 + + +2014-07-25 Werner Koch <wk@gnupg.org> + + scd: Minor and editorial changes to app-sc-hsm.c. + + commit 2e936915cf2f830e60d974d607b08822645f5753 + * scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro. + (parse_certid): Remove useless test. + (send_certinfo, send_keypairinfo): Shrink malloc to the needed size. + (do_getattr): Ditto. + (verify_pin): Use SW_ macro. + (do_decipher): Replace OFS variable and extend comment. + + scd: Add a new status word code. + + commit e49c851ff54d5ecf856411bf6cdee721695ea172 + * scd/apdu.h (SW_REF_DATA_INV): New. + * scd/apdu.c (apdu_strerror): Add string. + +2014-07-25 Andreas Schwier <andreas.schwier@cardcontact.de> + + scd: Support for SmartCard-HSM. + + commit 8eb9224f32ddf1c9e1490c4d9688a177f8b6ae64 + * scd/app-sc-hsm.c: New. + * scd/app.c (select_application, get_supported_applications): Register + new app. + +2014-07-25 Werner Koch <wk@gnupg.org> + + gpg: Switch to an EdDSA format with prefix byte. + + commit 557cc11a605dd280d03c52d8b546deed8c4c714d + * g10/keygen.c (gen_ecc): USe "comp" for EdDSA. + +2014-07-23 Werner Koch <wk@gnupg.org> + + agent: Show just one warning with all failed passphrase constraints. + + commit b3378b3a56fc90ba8ae38e6298b23a378305af32 + * agent/genkey.c (check_passphrase_constraints): Build a final warning + after all checks. + + agent: Only one confirmation prompt for an empty passphrase. 
+ + commit a24510d53bb23e3a680ed2c306e576268c07060d + * agent/genkey.c (check_passphrase_constraints): Moev empty passphrase + check to the front. + + gpg: Add command --quick-gen-key. + + commit ea186540db5b418bc6f6e5ca90337672c9981c88 + * g10/gpg.c (aQuickKeygen): New. + * g10/misc.c (is_valid_user_id): New stub. + * g10/keygen.c (quickgen_set_para): New. + (quick_generate_keypair): New. + + common: Add cpr_get_answer_is_yes_def() + + commit 75127bc4561787aa9bc1cf976658e20192446d7f + * g10/cpr.c (cpr_get_answer_is_yes): Factor code out to .... + (cpr_get_answer_is_yes_def): ...new. + + gpg: Make --quick-sign-key promote local key signatures. + + commit 17404b2fccbc74c4f0b2364cc08e9dcc64175cf8 + * g10/keyedit.c (sign_uids): Promote local sigs in quick mode. + +2014-07-22 Werner Koch <wk@gnupg.org> + + scd: Do not use the pcsc-wrapper. + + commit bc6b452129178658da7241903ca2174c79281752 + * scd/apdu.c (NEED_PCSC_WRAPPER): Do not define. + * scd/Makefile.am (libexec_PROGRAMS): Remove gnupg-pcsc-wrapper + (gnupg_pcsc_wrapper_SOURCES): Remove. + (gnupg_pcsc_wrapper_LDADD): Remove. + (gnupg_pcsc_wrapper_CFLAGS): Remove. + +2014-07-21 Werner Koch <wk@gnupg.org> + + gpg: Improve --list-packets output for faulty packets. + + commit 5b34e347b612765f31061d077b7c343e08662ba9 + * g10/parse-packet.c: Add list_mode output for certain failures. + + gpg: Cap size of attribute packets at 16MB. + + commit bab9cdd971f35ff47e153c00034c95e7ffeaa09a + * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap + size of packet. + +2014-07-03 Werner Koch <wk@gnupg.org> + + Release 2.1.0-beta751. + + commit 5ae34f574baca2b98a09fd982c941855558408e1 + + + gpg: Make show-uid-validity the default. + + commit 5214d8f02bf65fb0a4af15ff80cf1369ccd4c167 + + + tests: Fix end-of-all-ticks test for Western locales. + + commit 3533860ee316918dd47501c53e910bfd0032b39d + * common/t-timestuff.c (test_timegm): Use timegm if available. + (main): Set TX to UTC if timegm is not available. 
+ +2014-07-03 Kristian Fiskerstrand <kf@sumptuouscapital.com> + + gpg: Spelling error. + + commit b51af333bdf77c042c9fe748616e80d1f5e4d3f9 + + +2014-06-30 Werner Koch <wk@gnupg.org> + + gpg: Auto-create revocation certificates. + + commit 03018ef9eec75e4d91ea53c95547a77dedef8f80 + * configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define. + * g10/revoke.c (create_revocation): Add arg "leadin". + (gen_standard_revoke): New. + * g10/openfile.c (get_openpgp_revocdir): New. + (open_outfile): Add MODE value 3. + * g10/keyid.c (hexfingerprint): New. + * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke. + + estream: Fix minor glitch in "%.*s" format. + + commit aa5b4392aac99382d96be94782ae745e0a42484a + * common/estream-printf.c (pr_string): Take care of non-nul terminated + strings. + + gpg: Rearrange code in gen_revoke. + + commit 3a01b220715b3d1a90d94353e4980ab5a1ea8f26 + * g10/revoke.c (gen_revoke): Factor some code out to ... + (create_revocation): new. + + gpg: Create exported secret files and revocs with mode 700. + + commit c434de4d83ccfaca8bde51de5c2ac8d9656e4e18 + * common/iobuf.c (direct_open): Add arg MODE700. + (iobuf_create): Ditto. + * g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call + callers to pass 0 for it. + * g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new + arg. + * g10/export.c (do_export): Pass true for new arg if SECRET is true. + + common: Minor code cleanup for a legacy OS. + + commit 35fdfaa0b94342c53eb82eea155a37ad4009fa9f + * common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals. + +2014-06-27 Werner Koch <wk@gnupg.org> + + speedo: Fix the w32 installer name. + + commit adad1872b448593275d8cae06dffe376bee067b5 + + + po: Update some strings of the French (fr) translation. + + commit 1ef7870fc96f6dd8137e9bfabf9b06787f75dffd + + + po: Update the German (de) translation. + + commit c2e3eb98884785e6794dc79c1a53d75945f4c1ab + + + agent: Adjust for changed npth_eselect under W32. 
+ + commit a1dff86da8ebaab6e154360f538ca9d43a6c4934 + * agent/gpg-agent.c (handle_connections) [W32]: Make events_set an + unsigned int to match the changed prototype. + + dirmngr: Use the homedir based socket also under W32. + + commit 5e1f9b5e1427688ac340f0829e02bece7f0caf9c + * common/homedir.c (dirmngr_user_socket_name): Use same code for all + platforms. + +2014-06-27 Yuri Chornoivan <yurchor@ukr.net> + + po: Update and enable Ukrainian (uk) translation. + + commit 2c4025576105a9deb78e1cfb22c11af4af09c4fa + + + Fix typos in messages. + + commit e56a2d6a56d95c0f169506a8dc74a845c22b699d + + +2014-06-27 Werner Koch <wk@gnupg.org> + + build: Remove unused options. + + commit 2540a4b674a17b45ec33f43f26e830e74ff0afed + * configure.ac: Remove option --build-agent-only. + (FAKE_CURL, GPGKEYS_CURL): Remove check for cURL + (GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused + SENDMAIL check. + (GPGKEYS_KDNS): Remove ac_subst. + * autogen.rc (final_info): Remove suggestion to use the removed option + --enable-mailto. + +2014-06-27 NIIBE Yutaka <gniibe@fsij.org> + + scd: Add pinpad support for REINER SCT cyberJack go. + + commit 73ba75ad8b933beddd2c3f4b66937b56faa0a2d8 + * scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New. + * scd/ccid-driver.c (ccid_transceive_secure): Handle the case for + VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change). + +2014-06-27 Werner Koch <wk@gnupg.org> + + scd: Support reader Gemalto IDBridge CT30. + + commit 24be0f24d3a9325a04de10ae0e5e277bf28a74fe + * scd/ccid-driver.h (GEMPC_CT30): New product id. + * scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that + reader. + +2014-06-26 Werner Koch <wk@gnupg.org> + + gpg: Limit keysize for unattended key generation to useful values. + + commit 03f0b51fe454f8dbe77c302897f7a5899c4c5380 + * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096. + (gen_rsa): Enforce keysize 1024 to 4096. + (gen_dsa): Enforce keysize 768 to 3072. 
+ + Enable DNS SRV records again. + + commit c0d1e7fca95629e1cddd7d129fa51b9a6556cb70 + * configure.ac (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst. + (use_dns_srv): Make test work. + + agent: Fix export of RSA keys to OpenPGP. + + commit 9a034acf8ab6f85c65ccc75a4fd7b8dd47b73e3a + * agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format + string. + + gpg,gpgsm: Simplify wrong_args function. + + commit 572502bd2c0637429bca547ba882629640477495 + + + speedo: "make clean-gnupg" may not remove the source. + + commit c029a184d6a1a96c6de234835fff97d4e946b19c + * build-aux/speedo.mk (clean-$(1)): Take care of gnupg. + + gpgsm: Fix default config name. + + commit 2480b0253166712a2f20b92f34c8e4c2db0fc26f + + +2014-06-25 Werner Koch <wk@gnupg.org> + + doc: Improve the rendering of the manual. + + commit b5f95c1b566f9530127f3f34e10d120a951cf428 + + + doc: Update for modern makeinfo. + + commit f149e05427a370f5985bc3fb142370b043f19924 + * doc/texi.css: Remove. + * doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref. + + gpg: Allow key-to-card upload for cert-only keys. + + commit f171fd226e84311f92545ca0494771db07ba777d + * g10/card-util.c (card_store_subkey): Allo CERT usage for key 0. + +2014-06-24 Werner Koch <wk@gnupg.org> + + doc: Add conditionals for GnuPG-1. + + commit 2c8e00137a340d04f0836f75e138dd85f8c9eff7 + + +2014-06-20 Werner Koch <wk@gnupg.org> + + gpg: Make export of ECC keys work again. + + commit f4fcaa29367daacfe0ca209fa83dfa8640ace276 + * agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead + of the curve parameters. + * g10/export.c (canon_pubkey_algo): Rename to ... + (canon_pk_algo): this. Support ECC. + (transfer_format_to_openpgp): Expect curve name. + + gpg: Avoid infinite loop in uncompressing garbled packets. + + commit d6ca407a27877174c10adfae9dc601bea996cf27 + * g10/compress.c (do_uncompress): Limit the number of extra FF bytes. 
+ +2014-06-17 Kristian Fiskerstrand <kf@sumptuouscapital.com> + + gpg: Fix a couple of spelling errors. + + commit 3f17b74aa57ac1ea2f3aa93dec4889778a21afeb + + +2014-06-17 Werner Koch <wk@gnupg.org> + + speedo: Support building from dist-source generated tarball. + + commit 47e63dc00169030b6ff01ab67e73e52aec1395db + + +2014-06-13 Werner Koch <wk@gnupg.org> + + http: Print human readable GNUTLS status. + + commit 5bf04522e353675e4c3eda118fee2580756704a2 + * common/http.c (send_gnutls_bye): Take care of EAGAIN et al. + (http_verify_server_credentials): Print a human readable status. + +2014-06-12 Werner Koch <wk@gnupg.org> + + gpg: Improve the output of --list-packets. + + commit d8314e31c58ea0827d0e2361dabcdf869ab08fce + * g10/parse-packet.c (parse): Print packet meta info in list mode. + +2014-06-11 Werner Koch <wk@gnupg.org> + + speedo: Improve building of the w32 installer. + + commit 6eeb31abee82cb2016bf054cd302af64f6dfdc2e + * build-aux/speedo.mk: Change name of build directory to PLAY. + Improve the dist-source target. + * build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank + line (plus comment). + * build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*. + Install more tools. + +2014-06-10 Werner Koch <wk@gnupg.org> + + speedo: Revamped speedo and include a w32 installer. + + commit e06d5d1a3b4a5c446a27d64cd2da0e48ccec5601 + * build-aux/speedo/: New. + * build-aux/speedo/w32/: New. + + build: Add more options to autogen.sh. + + commit 0399d87f7aaf2f2126a63899004c5c7bffd4346b + * autogen.sh: Add options --print-host and --print-build. + + w32: Fix build problem with dirmngr. + + commit 141d69cb2a94a752244e89f49611923a2f184dfd + * dirmngr/ks-engine-hkp.c (EAI_SYSTEM) [W32]: Add replacement + constant. + + gpg: Use more specific reason codes for INV_RECP. + + commit 45ed901c466bd72118c2844069f566e190d847d6 + * g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific + reasons codes for INV_RECP. 
+ +2014-06-06 Werner Koch <wk@gnupg.org> + + Improve the beta number generation. + + commit b67e4e523e6d19d384e23c5bb03010caebd150e7 + * autogen.sh: Add option --find-version + * configure.ac: Rework the setting of the mym4_ variables. + +2014-06-05 Werner Koch <wk@gnupg.org> + + Remove keyserver helper code. + + commit 23712e69d3f97df9d789325f1a2f2f61e7d5bbb4 + * configure.ac: Remove keyserver helper related stuff. + * Makefile.am (SUBDIRS): Remove keyserver. + * keyserver/Makefile.am: Remove. + + gpg: Require confirmation for --gen-key with experimental curves. + + commit 9c9e26d41e7d65711da8dbf1afa452254749621c + * g10/keygen.c (ask_curve): Add arg both. Require confirmation for + Curve25519. + + gpg: Auto-migrate existing secring.gpg. + + commit 4f0625889b768eabdec52696bf15059a9e8d9c02 + * g10/migrate.c: New. + * g10/import.c (import_old_secring): New. + (import_one): Add arg silent. + (transfer_secret_keys): Add arg batch. + (import_secret_one): Add args batch and for_migration. + * g10/gpg.c (main): Call migration function. + +2014-06-04 Werner Koch <wk@gnupg.org> + + gpgsm: Fix commit be07ed65. + + commit 09a2d4ec74d352dcb4f006aab60b07bc4f5f1a37 + * sm/server.c (option_handler): Use "with-secret". + +2014-06-03 Werner Koch <wk@gnupg.org> + + Add new option --with-secret. + + commit be07ed65e169a7ec3fbecdb1abf988fc0245d9ff + * g10/gpg.c: Add option --with-secret. + * g10/options.h (struct opt): Add field with_secret. + * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all + and list_one. + (list_all, list_one): Add arg mark_secret. + (list_keyblock_colon): Add arg has_secret. + * sm/gpgsm.c: Add option --with-secret. + * sm/server.c (option_handler): Add option "with-secret". + * sm/gpgsm.h (server_control_s): Add field with_secret. + * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move + the token string from the wrong field 14 to 15. 
+ + gpgsm: New commands --export-secret-key-{p8,raw} + + commit 0beec2f0f255a71f9d5a4a0729d0259f673e8838 + * sm/gpgsm.c: Add new commands. + * sm/minip12.c (build_key_sequence): Add arg mode. + (p12_raw_build): New. + * sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build. + (gpgsm_p12_export): Ditto. + (print_short_info): Print the keygrip. + +2014-06-02 Werner Koch <wk@gnupg.org> + + gpg: Avoid NULL-deref in default key listing. + + commit 958e5f292fa3f8e127f54bc088c56780c564dcae + * g10/keyid.c (hash_public_key): Take care of NULL keys. + * g10/misc.c (pubkey_nbits): Ditto. + + gpg: Simplify default key listing. + + commit f3249b1c4d0f2e9e0e8956042677e47fc9c6f6c0 + * g10/mainproc.c (list_node): Rework. + + gpg: Graceful skip reading of corrupt MPIs. + + commit d9cde7ba7d4556b216f062d0cf92d60cbb204b00 + * g10/parse-packet.c (mpi_read): Change error message on overflow. + + gpgsm: Handle re-issued CA certificates in a better way. + + commit 715285bcbc12c024dbd9b633805189c09173e317 + * sm/certchain.c (find_up_search_by_keyid): Consider all matching + certificates. + (find_up): Add some debug messages. + + gpgsm: Add a way to save a found state. + + commit 42c043a8ad542c131917879c9b458f234b4bb645 + * kbx/keybox-defs.h (keybox_found_s): New. + (keybox_handle): Factor FOUND out to above. Add saved_found. + * kbx/keybox-init.c (keybox_release): Release saved_found. + (keybox_push_found_state, keybox_pop_found_state): New. + + * sm/keydb.c (keydb_handle): Add field saved_found. + (keydb_new): Init it. + (keydb_push_found_state, keydb_pop_found_state): New. + + gpg: Fix bug parsing a zero length user id. + + commit 99972bd6e9abea71f270284f49997de5f00208af + * g10/getkey.c (get_user_id): Do not call xmalloc with 0. + + * common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to + pass 0 to the arguments. + +2014-05-19 Werner Koch <wk@gnupg.org> + + dirmngr: Print certificates on failed TLS verification. 
+ + commit 9e1c99f8009f056c39a7465b91912c136b248e8f + * dirmngr/ks-engine-hkp.c (cert_log_cb): New. + (send_request): Set callback. + + http: Add callback to help logging of server certificates. + + commit 45f15b2d767d4068f79fd5b123e9eeae08a0616d + * common/http.c (http_session_s): Add field cert_log_cb. + (http_session_set_log_cb): New. + (http_verify_server_credentials): Call callback. + +2014-05-16 Werner Koch <wk@gnupg.org> + + keyserver: Improve support for hkps pools. + + commit d2d9d4fb60e3f2160af6252335364d3aac4b7d17 + * dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and + v6addr. + (create_new_hostinfo): Clear them. + (my_getnameinfo): Add args numeric and r_isnumeric. + (is_ip_address): New. + (map_host): Add arg r_host. Rewrite the code to handle pools in a + special way. + (ks_hkp_print_hosttable): Change format of help info output. + (make_host_part): Add arg optional r_httphost. + (send_request): Add arg httphost. + (ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to + send_request. + + http: Allow overriding of the Host header. + + commit 8b90d79818355b81ce223e1cb96cd0c939096fe2 + * common/http.c (http_open): Add arg httphost. + (http_open_document): Pass NULL for httphost. + (send_request): Add arg httphost. If given, use HTTPHOST instead of + SERVER. Use https with a proxy if requested. + (http_verify_server_credentials): Do not stop at the first error + message. + * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. + * keyserver/curl-shim.c (curl_easy_perform): Ditto. + * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. + * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto. + +2014-05-14 Werner Koch <wk@gnupg.org> + + gpg: Fix uninitialized access to search descindex with gpg keyboxes. + + commit 25036ec6abbc0c9d0003dcfe227724038c35a304 + * kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage + both callers. + * g10/keydb.c (keydb_search): Always set DESCINDEX. 
+ + w32: Make make_absfilename work with drive letters. + + commit 71fa6a35107d4d4547eb9155d7c2612b6a6a16fb + * common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix. + + gpg: Remove useless diagnostic in MDC verification. + + commit 455a4a2212302c05095e736b127f647e95714fe7 + * g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad + MDC packer header and a bad MDC. + + gpg: Fix glitch entering a full expiration time. + + commit b2945c451d3d3f25ba11a9fe88c6cbf3f88c2fb5 + * g10/keygen.c (ask_expire_interval): Get the current time after the + prompt. + +2014-05-08 Werner Koch <wk@gnupg.org> + + agent: Fix import of non-protected gpg keys. + + commit 4aeb02562c9db4b96366220b781e2b4fa2d6fd3b + * agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for + non-protected keys. + (convert_from_openpgp_main): Do not call agent_askpin for a + non-protected key. + + Make more use of *_NAME macros. + + commit cb2aeb4e1157fc0d7dc25d94115973422dc1a800 + * configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New. + (GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New. + (DIRMNGR_DISP_NAME, G13_DISP_NAME): New. + (GPGCONF_DISP_NAME): New. + (SCDAEMON_SOCK_NAME): New. + * common/argparse.c (show_help): Map description string. + +2014-05-08 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix auth key comment handling. + + commit fb24808db9af9dfe36f9f6d7fc24e0b903ecc12c + * agent/command-ssh.c (ssh_send_key_public): Handle the case with no + comment. + +2014-05-07 Werner Koch <wk@gnupg.org> + + Make -jN work again. + + commit 57011da53e43f9c8a6c7e7314166c3e17ff8627a + * common/Makefile.am ($(PROGRAMS)): New rule + (t_http_LDADD): Use libcommontls.a without directory prefix. + * dirmngr/Makefile.am ($(PROGRAMS)): New rule. + + gpg: Print the key algorithm/curve with signature info. + + commit 359c643d747c890f73f68b42e0aeb896016f05fd + * g10/mainproc.c (check_sig_and_print): Print the name and curve. + + gpg: Fix memleak in signature verification of bogus keys. 
+ + commit e73edfb1759d05121ea66f67c775e763bf47d737 + * g10/mainproc.c (check_sig_and_print): Factor common code out to ... + (print_good_bad_signature): here. + + gpg: Mark experimental algorithms in the key listing. + + commit 09055aa0f7993aaf4dcffdd80d8192945ae6080a + * g10/keylist.c (list_keyblock_print): Remove duplicate curve name. + Print a note for experimental algorithms. + * g10/misc.c (print_pubkey_algo_note): Fix warning message. + + gpg: Finish experimental support for Ed25519. + + commit 8fee6c1ce6d116fe7909dbe1184d95bc91305484 + * agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve". + (get_keygrip): Add and use arg CURVE. + (convert_secret_key): Ditto. + (convert_transfer_key): Ditto. + (get_npkey_nskey): New. + (prepare_unprotect): Replace gcrypt functions by + get_npkey_nskey. Allow opaque MPIs. + (do_unprotect): Use CURVE instead of parameters. + (convert_from_openpgp_main): Ditto. + (convert_to_openpgp): Simplify. + * g10/import.c (one_mpi_from_pkey): Remove. + (transfer_secret_keys): Rewrite to use the curve instead of the + parameters. + * g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag. + + * common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of + "NIST P-256" et al. + * g10/keygen.c (ask_curve): Add arg ALGO. + (generate_keypair): Rewrite the ECC key logic. + + * tests/openpgp/ecc.test: Provide the "ecc" passphrase. + + kbx: Add experimental support for EDDSA. + + commit bdb9c2b314400da9155b8a924e22e486793dda89 + * kbx/keybox-openpgp.c (parse_key): Use algo constants and add + experimental support for EdDSA. + + agent: Remove greeting message. + + commit a63ed9875830e5b3b4d48b7d97d24c18de36b326 + * agent/gpg-agent.c (main): Remove greeting. Make --no-greeting a + dummy. + +2014-05-06 Werner Koch <wk@gnupg.org> + + Use "samethread" mode keyword for some es_fopenmem. + + commit 6477e51919ef97f0f9cc05d10cdc7aa2b89faafe + * dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword. 
+ * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. + * scd/atr.c (atr_dump): Ditto. + +2014-05-05 Werner Koch <wk@gnupg.org> + + dirmngr: Add support for hkps keyservers. + + commit 60e2fc7d38d8b37d1de944cf230e410c2ce37d5e + * dirmngr/dirmngr.c: Include gnutls.h. + (opts): Add --gnutls-debug and --hkp-cacert. + (opt_gnutls_debug, my_gnutls_log): New. + (set_debug): Set gnutls log level. + (parse_rereadable_options): Register a CA file. + (main): Init GNUTLS. + * dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps. + (send_request): Ditto. + + http: Add reference counting to the session object. + + commit ea0f5481f01eacedff264bf08144164aa989ec4d + * common/http.c (http_session_t): Add field "refcount". + (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. + (send_request, my_npth_read, my_npth_write): Use SOCK object for the + transport ptr. + (http_session_release): Factor all code out to ... + (session_unref): here. Deref SOCK. + (http_session_new): Init refcount and transport ptr. + (http_session_ref): New. Ref and unref all assignments. + +2014-05-02 Werner Koch <wk@gnupg.org> + + http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. + + commit 0e59195642eb26263b8e0b9200290538631d35cd + * common/http.c (http_parse_uri): Factor code out to ... + (parse_uri): here. Add arg FORCE_TLS. + (do_parse_uri): Ditto. Implement flag. + (http_get_tls_info): New. + (http_register_tls_ca): Allow clearing of the list. + (send_request): Use a default verification function. + * common/http.h (HTTP_FLAG_FORCE_TLS): New. + * common/t-http.c (main): Add several command line options. + + common: Fix test for openpgp_oid_is_ed25519. + + commit 2def230231abd34f6012df284ab468321ffedc10 + * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct + value. + + http: Revamp TLS API. + + commit 8412a5825c225c8ff14de3ffaad2e55e040b2eca + * configure.ac (NEED_GNUTLS_VERSION): New. + (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. 
+ + * common/http.h (http_session_t): New. + * common/http.c: Remove compatibility for gnutls < 3.0. + (http_session_s): New. + (cookie_s): Replace gnutls_session_t by http_session_t. + (tls_callback, tls_ca_certlist): New variables. + (my_socket_unref): Add preclose args. + (my_npth_read, my_npth_write): New. + (make_header_line): Fix bug using int* instead of char*. + (http_register_tls_callback): New. + (http_register_tls_ca): New. + (http_session_new): New. + (http_session_release): New. + (http_get_header_names): New. + (escape_data): Add hack to escape in forms mode. + (send_request) [HTTP_USE_GNUTLS]: Support SNI. + (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. + (send_gnutls_bye): New. + (cookie_close): Make use of preclose feature. + (http_verify_server_credentials): New. + (main) [TEST]: Remove test code. + * common/t-http.c: New. + * common/tls-ca.pem: New. + * common/Makefile.am (tls_sources): New. Move http code to here. + (libcommontls_a_SOURCES): New. + (libcommontlsnpth_a_SOURCES): New. + (EXTRA_DIST): Add tls-ca.pem + (module_maint_tests): Add t-http. + (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. + + * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. + + common: Cleanup the use of USE_NPTH and HAVE_NPTH macros. + + commit 84289e85c72ae58c321dfdb96816700a6b7f7122 + * configure.ac (HAVE_NPTH): New ac_define. + * common/estream.c: Use USE_NPTH instead of HAVE_NPTH. + * common/http.c: Ditto. Replace remaining calls to pth by npth calls. + (connect_server): Remove useless _(). + * common/exechelp-posix.c, common/exechelp-w32.c + * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h. + * common/init.c (_init_common_subsystems): Remove call to pth_init. + * common/sysutils.c (gnupg_sleep): Use npth_sleep. + * scd/ccid-driver.c (my_sleep): Ditto. + +2014-04-30 Werner Koch <wk@gnupg.org> + + estream: Implement "samethread" mode keyword. 
+ + commit 8416c875a729426eae05ed1ca9f1ebcb933c246a + * src/estream.c (estream_internal): Add field SAMETHREAD. + (init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it. + (parse_mode): Add arg SAMETHREAD and parse that keyword. + (es_initialize): Rename to ... + (init_stream_obj): this. Add arg SAMETHREAD. + (es_create): Add arg SAMETHREAD. Call init_stream_lock after + init_stream_obj. + (doreadline): Call es_create with samethread flag. + (es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen) + (do_fpopen, do_w32open): Implement "samethread" keyword. + (es_freopen): Take samthread flag from old stream. + (es_tmpfile): Call es)_create w/o samethread. + + estream: Fix deadlock in es_fileno. + + commit ecea94461ed40f3f6ef662c2501e1d56ec284022 + * src/estream.c (es_fileno_unlocked): Call the unlocked functions. + + estream: Add debug code to the lock functions. + + commit aeb81727c77dfea3bf5d2d689ffbdc897f2938a7 + * common/estream.c (dbg_lock_0, dbg_lock_1, dbg_lock_1): New. + + estream: Replace locking macros by functions. + + commit 39e91a5f0a666aad2fef7a840b2cd03949bb1be4 + * common/estream.c: Replace most macros. + +2014-04-28 NIIBE Yutaka <gniibe@fsij.org> + + ECC Fixes. + + commit 21dab64030c95a909767bf6d8f99e8476f9df8a2 + * agent/cvt-openpgp.c (get_keygrip, convert_secret_key) + (convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which + does not distinguish the detail. + (do_unprotect, convert_from_openpgp_main): Don't call + map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and + not the value defined by OpenPGP. + (convert_to_openpgp): It's "ecc". + * agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove. + * g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error. + * g10/pubkey-enc.c (get_it): Fix swapping the fields error. + +2014-04-22 Werner Koch <wk@gnupg.org> + + gpg: Pass --homedir to gpg-agent. 
+ + commit fdd938a5bbecb5b70f564ae3afb4e17905404bb2 + * agent/gpg-agent.c (main): Make sure homedir is absolute. + * common/asshelp.c (lock_spawning): Create lock file with an absolute + name. + (start_new_gpg_agent): Use an absolute name for the socket and pass + option --homedir to the agent. + (start_new_dirmngr): Use an absolute name for the --homedir. + + common: Add functions make_absfilename and make_absfilename_try. + + commit 71a54313adf7b57b7b27bb9ad07b142a34306260 + * common/stringhelp.c (do_make_filename): Add modes 2 and 3. + (make_absfilename): New. + (make_absfilename_try): New. + + common: Add function gnupg_getcwd. + + commit 1a87edab6657a257876ab2f8790f2937feba7066 + * tools/gpg-connect-agent.c (gnu_getcwd): Move to ... + * common/sysutils.c (gnupg_getcwd): .. here. + * tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd. + + gpg: Print a warning if GKR has hijacked gpg-agent. + + commit ffa39be5ebfc1059a737905ee317c9b6f3d2a77e + * g10/call-agent.c (check_hijacking): New. + (start_agent): Call it. + (membuf_data_cb, default_inq_cb): Move more to the top. + +2014-04-17 Werner Koch <wk@gnupg.org> + + gpg: New %U expando for the photo viewer. + + commit e184a11f94e2d41cd9266484542631bec23628b5 + * g10/photoid.c (show_photos): Set namehash. + * g10/misc.c (pct_expando): Add "%U" expando. + + common: Add z-base-32 encoder. + + commit b8a91ebf46a927801866e99bb5a66ab00651424e + * common/zb32.c: New. + * common/t-zb32.c: New. + * common/Makefile.am (common_sources): Add zb82.c + (module_tests): Add t-zb32. + +2014-04-16 Werner Koch <wk@gnupg.org> + + Two minor code cleanups and one NULL deref on error fix. + + commit a34afa8f2053d75f276d6d28dbf1a43db0fd9768 + * common/estream.c (es_freopen): Remove useless check for STREAM. + * kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check + for BLOB. + * tools/sockprox.c (run_proxy): Do not fclose(NULL). + +2014-04-15 Werner Koch <wk@gnupg.org> + + gpg: Re-enable secret key deletion. 
+ + commit db3b528239c9d56bc71fd2283e07a3f1d91e4fd0 + * g10/call-agent.c (agent_delete_key): New. + * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. + * g10/passphrase.c (gpg_format_keydesc): Support new format. + * g10/delkey.c (do_delete_key): Add secret key deletion. + + gpg: Re-indent a file. + + commit d25d00b89efed461d344028d0e2e2be38cc77628 + * g10/delkey.c: Re-indent. + (do_delete_key, delete_keys): Change return type top gpg_error_t. + + gpg: Fix regression in secret key export. + + commit c4d983239a3f0a18c77f0a5aeba520a81a1b86e8 + * agent/cvt-openpgp.c (convert_to_openpgp): Fix use + gcry_sexp_extract_param. + * g10/export.c (do_export_stream): Provide a proper prompt to the + agent. + + gpg: Change pinentry prompt to talk about "secret key". + + commit e549799db66be30cdd68a3e6cdca9c6a050466d1 + * g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings. + * g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT) + (FORMAT_KEYDESC_EXPORT): New. Use them for clarity. + + agent: Add command DELETE_KEY. + + commit e3a4ff89a0b106e678bf9d0a4d47917123071140 + * agent/command.c (cmd_delete_key): New. + * agent/findkey.c (modify_description): Add '%C' feature. + (remove_key_file): New. + (agent_delete_key): New. + * agent/command-ssh.c (search_control_file): Make arg R_DISABLE + optional. + + * configure.ac: Require libgpg-error 1.13. + +2014-04-09 NIIBE Yutaka <gniibe@fsij.org> + + scd: EdDSA support. + + commit 3132bd90dc8db9c7fd19ba201918e95891306dc5 + * scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New. + (struct app_local_s): Add eddsa. + (get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA. + (get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519. + (send_key_attr, get_public_key): Support KEY_TYPE_EDDSA. + (build_ecc_privkey_template): Rename as it supports both of + ECDSA and EdDSA. + (ecc_writekey): Rename. Support CURVE_ED25519, too. + (do_writekey): Follow the change of ecc_writekey. + (do_auth): Support KEY_TYPE_EDDSA. 
+ (parse_ecc_curve): Support CURVE_ED25519. Bug fix for other curves. + (parse_algorithm_attribute): Bug fix for ECDH. Support EdDSA. + +2014-04-08 Werner Koch <wk@gnupg.org> + + dirmngr: Fix compiler warning. + + commit db85feceaf43ebd6d44421bb14fcb60495804ae0 + * common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New. + * dirmngr/dirmngr.c (handle_tick): Factor time check out to ... + (time_for_housekeeping_p): new. + + gpgconf: Add command --launch. + + commit b4cf4686f7349be9558217f20e51157398cd88a0 + * tools/gpgconf.c: Add command --launch. + * tools/gpgconf-comp.c (gc_component_launch): New. + + scd: Silent compiler warnings about unused variables. + + commit 36dfc37e438660632d3a2bf5d5526be9005fa8c5 + * scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg. + (ecdh_writekey): Mark unused args. + +2014-04-08 NIIBE Yutaka <gniibe@fsij.org> + + agent: Support EdDSA. + + commit 5ff6d0c25e6d0f422b17809b954e9e87cb137347 + * agent/pksign.c (agent_pksign_do): Handle EdDSA signature. + + g10: EdDSA support. + + commit 40c3b0741e593d0658dda0c707c4f32e80648dd1 + * g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key. + * g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA. + * common/openpgp-oid.c (oid_ed25519): Update. + +2014-04-04 NIIBE Yutaka <gniibe@fsij.org> + + agent: EdDSA support for SSH. + + commit 513c67b7461a2451247ef2b2fc64e0470a16edf1 + * agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is + two 32-byte opaque data which should not be interpreted as number. + +2014-03-27 Werner Koch <wk@gnupg.org> + + gpg: Add commands --quick-sign-key and --quick-lsign-key. + + commit b6786cc3ec0bb582323adf94c2ee624bcfbeb466 + * g10/gpg.c (main): Add commands --quick-sign-key and + --quick-lsign-key. + * g10/keyedit.c (sign_uids): Add args FP and QUICK. + (keyedit_quick_sign): New. + (show_key_with_all_names): Add arg NOWARN. + + Change some keyedit functions to allow printing to arbitrary streams. 
+ + commit 4f50ec98ddd57253cae66e2321f0cc98ee189a09 + * common/ttyio.c (tty_print_string): Add optional arg FP. Change all + callers. + (tty_print_utf8_string2): Ditto. + * g10/keyedit.c (show_prefs): Ditto. + (show_key_with_all_names_colon): Ditto. + (show_names): Ditto. + * g10/keylist.c (print_revokers): Ditto. + (print_fingerprint): Ditto. + +2014-03-23 Werner Koch <wk@gnupg.org> + + agent: Replace es_mopen by es_fopenmem for ssh. + + commit 5c2a50cdc90e85b1fc380851ccfbe9186969b658 + * agent/command-ssh.c (ssh_read_key_public_from_blob): Use + es_fopenmem. + (ssh_handler_request_identities): Ditto. + (ssh_request_process): Ditto. + +2014-03-22 Werner Koch <wk@gnupg.org> + + agent: Put ssh key type as comment into sshcontrol. + + commit fc3e70c11342267c1062e4244955d19ecd72e0f6 + * agent/command-ssh.c (ssh_key_type_spec): Add field name. + (ssh_key_types): Add human readable names. + (add_control_entry): Add arg SPEC and print key type as comment. + (ssh_identity_register): Add arg SPEC. + (ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key. + + agent: Support the Ed25519 signature algorithm for ssh. + + commit 072432883ededa15bf35f80102e0572746ba4af1 + * agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New. + (ssh_key_types): Add entry for ssh-ed25519. + (ssh_identifier_from_curve_name): Move to the top. + (stream_read_skip): New. + (stream_read_blob): New. + (ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move + the s-exp parsing to here. + (ssh_signature_encoder_dsa): Ditto. + (ssh_signature_encoder_ecdsa): Ditto. + (ssh_signature_encoder_eddsa): New. + (sexp_key_construct): Rewrite. + (ssh_key_extract): Rename to ... + (ssh_key_to_blob): .. this and rewrite most of it. + (ssh_receive_key): Add case for EdDSA. + (ssh_convert_key_to_blob, key_secret_to_public): Remove. + (ssh_send_key_public): Rewrite. + (ssh_handler_request_identities): Simplify. + (data_sign): Add rename args. Add new args HASH and HASHLEN. 
Make + use of es_fopenmen and es_fclose_snatch. Remove parsing into MPIs + which is now doe in the sgnature encoder functions. + (ssh_handler_sign_request): Take care of Ed25519. + (ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string. + + agent: Cleanups to prepare implementation of Ed25519. + + commit a77ed0f266d03e234027dda4de5a7f3dd6787b1e + * agent/cvt-openpgp.c: Remove. + (convert_to_openpgp): Use gcry_sexp_extract_param. + * agent/findkey.c (is_eddsa): New. + (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA. + * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and + OVERRIDEDATALEN. + + * common/ssh-utils.c (is_eddsa): New. + (get_fingerprint): Take care or EdDSA. + +2014-03-18 Werner Koch <wk@gnupg.org> + + tools: Fix NULL deref in gpg-connect-agent. + + commit 6376227a31b3076321ce16ad626b333057bda53d + * tools/gpg-connect-agent.c (handle_inquire): Do not pass NULL to + strlen. + + dirmngr: Resurrect hosts in the HKP hosttable. + + commit 6c058fac65c7e9d1ffb72686f0f02644f172da22 + * dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New. + (housekeeping_thread): New. + (handle_tick): Call new function. + * dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New. + (struct hostinfo_s): Add field died_at and set it along with the dead + flag. + (ks_hkp_print_hosttable): Print that info. + (ks_hkp_housekeeping): New. + + common: New function elapsed_time_string. + + commit 04e304278c9302831bc81e7fe9049c588ead029a + * common/gettime.c (elapsed_time_string): New. + +2014-03-17 Werner Koch <wk@gnupg.org> + + gpg: Reject signatures made with MD5. + + commit f90cfe6b66269de0154d810c5cee1fe9a5af475c + * g10/gpg.c: Add option --allow-weak-digest-algos. + (main): Set option also in PGP2 mode. + * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. + * g10/sig-check.c (do_check): Reject MD5 signatures. + * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf. + + gpg: Make --auto-key-locate work again with keyservers. 
+ + commit 1e2e39c5758ffaf62f8bb85b4a86dc49c41f3a68 + * dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode. + * g10/keyserver.c (keyserver_import_name): Implement. + (keyserver_get): Use exact mode for name based import. + (keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers. + + gpg: New mechanism "clear" for --auto-key-locate. + + commit 1d642d3ca890daa65ee5dd949a00747da6b49015 + * g10/getkey.c (parse_auto_key_locate): Implement "clear". + +2014-03-14 Werner Koch <wk@gnupg.org> + + gpg-connect-agent: Make it easier to connect to the dirmngr. + + commit 2223eaefaf53aa7217ac593b83e4294148a4db5d + * tools/gpg-connect-agent.c: Add options --dirmngr and + --dirmngr-program. + + dirmngr: Make use of IPv4 and IPV6 more explicit. + + commit 59b4fb5f4927908af06bb80ecd86adbf6e54ba14 + * common/http.c (connect_server): Handle the new flags. + * common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New. + * dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags. + (make_host_part): Ditto. + (send_request): Add arg httpflags. + (ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags. + + dirmngr: Do not use brackets around legacy IP addresses. + + commit d7fbefeb82833db9eea8b15dc7889ecf0b7ffab4 + * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change args to take a + complete addrinfo. Bracket only v6 addresses. Change caller. + + gpg: Print the actual used keyserver address. + + commit a401f768ca8e218eef7a5c87a8f99cb1d6b4aaeb + * dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE + status lines. + * g10/call-dirmngr.c (ks_status_parm_s): New. + (ks_search_parm_s): Add field stparm. + (ks_status_cb): New. + (ks_search_data_cb): Send source to the data callback. + (gpg_dirmngr_ks_search): Change callback prototope to include the + SPECIAL arg. Adjust all users. Use ks_status_cb. + (gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb. 
+ * g10/keyserver.c (search_line_handler): Adjust callback and print + "data source" disgnostic. + (keyserver_get): Print data source diagnostic. + + dirmngr: Default to a user socket name and enable autostart. + + commit 5d321eb00be0774418de1a05678ac0ec44d7193b + * common/homedir.c (dirmngr_socket_name): Rename to + dirmngr_sys_socket_name. + (dirmngr_user_socket_name): New. + * common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr + socket. + * dirmngr/dirmngr.c (main): Ditto. + * dirmngr/server.c (cmd_getinfo): Ditto. + * sm/server.c (gpgsm_server): Ditto. + * dirmngr/dirmngr-client.c (start_dirmngr): Likewise. + * tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs. + + * configure.ac (USE_DIRMNGR_AUTO_START): Set by default. + +2014-03-12 Werner Koch <wk@gnupg.org> + + gpg: Add option --dirmngr-program. + + commit 6dd5d99a61f24aff862ccba9f7410d7f1af87c05 + * g10/gpg.c: Add option --dirmngr-program. + * g10/options.h (struct opt): Add field dirmngr_program. + * g10/call-dirmngr.c (create_context): Use new var. + + * dirmngr/dirmngr.c: Include gc-opt-flags.h. + (main): Remove GC_OPT_FLAG_*. + * tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ... + * common/gc-opt-flags.h: here. + + dirmngr: Detect dead keyservers and try another one. + + commit fb56a273b1f2b3a99dc1d1a0850378ab7625e6b9 + * dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity. + (ks_action_search, ks_action_put): Ditto. + (ks_action_get): Consult only the first server which retruned some + data. + + * dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New. + (map_host): Add arg CTRL and call dirmngr_tick. + (make_host_part): Add arg CTRL. + (mark_host_dead): Allow the use of an URL. + (handle_send_request_error): New. + (ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on + error. + + http: Add a flag to the URL parser indicating a literal v6 address. 
+ + commit 3d9e0eb02ce2b2e153e25deb0fc4b27b45f5026a + * common/http.h (struct parsed_uri_t): Add field v6lit. + * common/http.c (do_parse_uri): Set v6lit. + +2014-03-12 NIIBE Yutaka <gniibe@fsij.org> + + scd: writekey support of ECC. + + commit 781b94174310dceffa075719420b74b29fe41764 + * scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New. + (store_fpr): Support ECC keys with varargs. + (get_ecc_key_parameters, get_curve_name): Support secp256k1. + (parse_ecc_curve): Likewise. + (build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New. + (ecdh_writekey): New. Not implemented yet. + (do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey. + (do_genkey): Follow the change of store_fpr. + +2014-03-11 Werner Koch <wk@gnupg.org> + + dirmngr: Put brackets around IP addresses in the hosttable. + + commit 0b2cca807d5a4a3664145032271141da853e7bac + * dirmngr/ks-engine-hkp.c (EAI_OVERFLOW): Provide a substitute. + (my_getnameinfo): New. + (map_host): Use it. + + dirmngr: Add command option to mark hosts as dead or alive. + + commit a3dee2889106fcab112c1c96b32e04d8154875e7 + * dirmngr/server.c (cmd_killdirmngr): Factor some code out to ... + (check_owner_permission): here. + (cmd_keyserver): Add options --dead and --alive. + * dirmngr/ks-engine-hkp.c (host_in_pool_p): New. + (ks_hkp_mark_host): New. + + dirmngr: Make Assuan output of keyblocks easier readable. + + commit 71b55c945542e695161ddbd783f87c5f534012a5 + * dirmngr/server.c (data_line_cookie_write): Print shorter data lines + in verbose mode. + + dirmngr: Fix HKP host selection code. + + commit 3c35b46a32ac7584f3807b611cde78b199c527d6 + * dirmngr/server.c (cmd_keyserver): Add option --resolve and change + --print-hosttable to --hosttable. + * dirmngr/ks-action.c (ks_printf_help): New. + (ks_action_resolve): New. + * dirmngr/ks-engine-hkp.c (select_random_host): Fix selection. + (ks_hkp_print_hosttable): Print to assuan stream. + (map_host): Remove debug code. Add arg FORCE_SELECT. 
Return numeric + IP addr if it can't be resolved. + (make_host_part): Add arg FORCE_SELECT; change callers to pass false. + (ks_hkp_resolve): New. + + List readline support in configure summary. + + commit f30d8b018871495327cbf711b73b04278a34f3e1 + * m4/readline.m4: Set gnupg_cv_have_readline. + * configure.ac: Add readline support to summary output. + +2014-03-11 NIIBE Yutaka <gniibe@fsij.org> + + agent: API change of agent_key_from_file. + + commit ac5a1a3ccb7c3e6393bc83d73b545dec9b70e7d1 + * agent/findkey.c (agent_key_from_file): Always return S-expression. + * agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO. + (cmd_export_key): Likewise. Free SHADOW_INFO. + (cmd_keytocard): Likewise. Release S_SKEY. + * agent/pkdecrypt.c (agent_pkdecrypt): Likewise. + * agent/pksign.c (agent_pksign_do): Likewise. Use the S-expression to + know the key type. + +2014-03-10 Werner Koch <wk@gnupg.org> + + Backport useful code from fixes for bug 1447. + + commit 57d26f39afb3c75e24a8d240d7af32b9d2b9775a + * configure.ac: Cehck for inet_ntop. + * m4/libcurl.m4: Provide a #define for the version of the curl + library. + + scd: acquire lock in new_reader_slot. + + commit 9ab9f414fb919f0bc87c301c3e36180715d0aa4e + * scd/apdu.c (new_reader_slot): Acquire lock. + (open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped) + (open_ccid_reader, open_rapdu_reader): Release lock. + (lock_slot, trylock_slot, unlock_slot): Move more to the top. + + Do not require libiconv for Android. + + commit b278043a8f38e2706ccf617d2ac5661b33791d6b + * configure.ac (require_iconv): New. Set to false for android. + (AM_ICONV): Run only if required. + +2014-03-07 Werner Koch <wk@gnupg.org> + + dirmmgr: Use a portability wrapper for struct timeval. + + commit feda379595e06583bc5b3610dec74890de29cb8e + * dirmngr/dirmngr_ldap.c [W32]: Include winber.h. + (my_ldap_timeval_t): New. + + Silence more warnings about unused vars and args. 
+ + commit 4387ecb11cdb2addf738eb922c1b9f14c6c76efc + * dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var. + * dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/. + * dirmngr/dirmngr.c (w32_service_control): Mark unused args. + (call_real_main): New. + (main) [W32]: Use new function to match prototype. + (real_main) [W32]: Mark unused vars. + (handle_signal) [W32]: Do not build the function at all. + (handle_connections) [W32]: Do not define signo. + * dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars. + * g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined. + + dirmngr: Simplify strtok macro. + + commit 35266076e3452590931e58f188815859dff6de3c + * dirmngr/ldap-url.c (ldap_utf8_strtok): Remove unused r3d arg. + (ldap_str2charray): Remove lasts. + + Use attribute __gnu_printf__ also in estream header files. + + commit 72133b54de89e593d8193b106e9369cf90d2e1c0 + * common/estream-printf.h: Use attribute gnu_printf. + * common/estream.h: Ditto. + + Use attribute __gnu_printf__ with our estream-printf functions. + + commit 36372dcb2f75a659b7ace0e9c46f07bb431d009c + * common/mischelp.h (JNLIB_GCC_A_PRINTF): Use __gnu_printf__ + (JNLIB_GCC_A_NR_PRINTF): Ditto. + + w32: Silence warnings about unused vars. + + commit 094aa2589e3920d400be93ae2823a6c4b23db623 + * agent/gpg-agent.c (main) [W32]: Mark unused vars. + * sm/gpgsm.c (run_protect_tool) [W32]: Ditto. + * g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto. + * scd/scdaemon.c (main) [W32]: Ditto. + (handle_connections) [W32]: Ditto. + (handle_signal) [W32]: Do not build the function at all. + * scd/apdu.c (pcsc_send_apdu_direct): Ditto. + (connect_pcsc_card): s/long/pcsc_dword_t/. + (open_pcsc_reader_direct): Remove var listlen. + + w32: Fix a potential problem in gpgconf's gettext. + + commit a0fc42598f51ef4a958fc3c2fed7f4b8df2da3fd + * tools/gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Make sure + to return something even DOMAIN is not given. 
+ + Silence several warnings when building under Windows. + + commit 3032fc3ad78ac9ed857570844547afed520d635a + * agent/call-scd.c (start_scd): Replace int by assuan_fd_t. + (start_pinentry): Ditto. + * common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t. + * common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for + prototypes on Windows and some other platforms. + * common/logging.c (fun_writer): Declare addrbuf only if needed. + * g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented. + * g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server + mode. + * g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD + by -1 as temporary hack for Windows. + * g10/export.c (do_export): Ditto. + * g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto. + * g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto. + * g10/server.c (cmd_verify, gpg_server) [W32]: Return an error. + + w32: Include winsock2.h to silence warnings. + + commit cb0dcc340836a64e2d33b27f1be7bc888c084f12 + + + gl: Avoid warning about shadowing an arg. + + commit 84fd36f8baa2b800ea47ff74935f5aaf0e55c299 + * gl/setenv.c (KNOWN_VALUE): s/value/_v/. + + common: Fix build problem with Sun Studio compiler. + + commit 0fc71f7277c6f833f838bbd384f1a22d0c333e8e + * common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy + functions. + (ESTREAM_MUTEX_INITIALIZE): Ditto. + + gpg: Do not require a trustdb with --always-trust. + + commit d8f0b83e4f04641e5e9adbdd8abada15380f981c + * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE. + * g10/trustdb.c (trustdb_args): Add field no_trustdb. + (init_trustdb): Set that field. + (revalidation_mark): Take care of a nonexistent trustdb file. + (read_trust_options): Ditto. + (tdb_get_ownertrust): Ditto. + (tdb_get_min_ownertrust): Ditto. + (tdb_update_ownertrust): Ditto. + (update_min_ownertrust): Ditto. + (tdb_clear_ownertrusts): Ditto. + (tdb_cache_disabled_value): Ditto. 
+ (tdb_check_trustdb_stale): Ditto. + (tdb_get_validity_core): Ditto. + * g10/gpg.c (main): Do not create a trustdb with most commands for + trust-model always. + + gpg: Print a "not found" message for an unknown key in --key-edit. + + commit dfb25d47a9fcfd7c7c084ea58744724cd5315086 + * g10/keyedit.c (keyedit_menu): Print message. + + gpg: Protect against rogue keyservers sending secret keys. + + commit db1f74ba5338f624f146a3cb41a346e46b15c8f9 + * g10/options.h (IMPORT_NO_SECKEY): New. + * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new + flag. + * g10/import.c (import_secret_one): Deny import if flag is set. + + agent: Fix UPDATESTARTUPTTY for ssh. + + commit 90688b29f3701f4d3e2a5a49c5544fe8d2a84b2d + * agent/command-ssh.c (setup_ssh_env): Fix env setting. + + gpgv: Init Libgcrypt to avoid syslog warning. + + commit 7c4bfa599fa69c3a942c8deea83737a4c5a0806e + * g10/gpgv.c (main): Check libgcrypt version and disable secure + memory. + + Improve libcurl detection. + + commit 5ca482d5f949444ffd453de158ee186ab07fc9b6 + * m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been + given. Suggested by John Marshall. + + gpg: Remove legacy keyserver examples from the template conf file. + + commit 0ab752cc2d46bbd0077bed889676169b7aeb1eb6 + * g10/options.skel: Update. + + (cherry picked from commit f3c5cc8bcd37e38b5d65db6a50466e22d03d1f0c) + + w32: Define WINVER only if needed. + + commit 76b1940ad6f5f058c4a6bec35902da9f6d4e27b0 + * common/sysutils.c (WINVER): Define only if less that 5.0. + + w32: Remove unused code. + + commit 63b7658a29809249d7aeb0423bf8c5a693eee0c7 + * jnlib/w32-reg.c (write_w32_registry_string): Remove. + + agent: Make --allow-mark-trusted the default. + + commit 9942a149ff2ab919c1b2916c7bc347e578a56b14 + * agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted. + Put this option into the gpgconf-list. + (main): Enable opt.allow_mark_trusted by default. 
+ * tools/gpgconf-comp.c (gc_options_gpg_agent): Replace + allow-mark-trusted by no-allow-mark-trusted. + + * agent/trustlist.c (agent_marktrusted): Always set the "relax" flag. + + ssh: Add support for Putty. + + commit 5105c8d2d344fd7301d456d8c13c7e90a54f7e98 + * agent/gpg-agent.c [W32]: Include Several Windows header. + (opts): Change help text for enable-ssh-support. + (opts, main): Add option --enable-putty-support + (putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32. + (agent_init_default_ctrl): Add and asssert call. + (putty_message_proc, putty_message_thread): New. + (handle_connections) [W32]: Start putty message thread. + * common/sysutils.c (w32_get_user_sid): New for W32 only + * tools/gpgconf-comp.c (gc_options_gpg_agent): Add + --enable-ssh-support and --enable-putty-support. Make the + configuration group visible at basic level. + * agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only. + + agent: Fix binary vs. text mode problem in ssh. + + commit 179012ddd48e63ca83e8f5c24537a2db45c3e122 + * agent/command-ssh.c (file_to_buffer) + (ssh_handler_request_identities): Open streams in binary mode. + (start_command_handler_ssh): Factor some code out to .. + (setup_ssh_env): new function. + + Fix syntax error for building on APPLE. + + commit 4ad123d6fe341da7768e43360375e17fa89e8e0d + * scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error. + + Ignore obsolete option --disable-keypad. + + commit d2a6be24af0bf220bb448fdd50c0196faddee0f4 + * scd/scdaemon.c (opts): Ignore --disable-keypad. + + Allow marking options as ignored. + + commit 8fc9de8d6bf663f7c8419b42dab01f590a694d59 + * jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New. + (ARGPARSE_TYPE_MASK): New, for internal use. + (ARGPARSE_ignore): New. + * jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining + constants by macros. + (optfile_parse): Implement ARGPARSE_OPT_IGNORE. + (arg_parse): Exclide ignore options from --dump-options. 
+ +2014-03-06 Werner Koch <wk@gnupg.org> + + common: Fix recent commit 55656208. + + commit 191e32026f02054b1edb4f02536875462fd0b6b3 + * common/membuf.c (get_membuf_shrink): Fix use of LEN. + +2014-03-06 NIIBE Yutaka <gniibe@fsij.org> + + Fix g10/trust.c. + + commit 5ed8e9335fb886d7ddc86728d8481e5e47485531 + * g10/trust.c (register_trusted_keyid, register_trusted_key) + (update_ownertrust): Call functions with tdb_. + +2014-02-26 Werner Koch <wk@gnupg.org> + + common: Replace all macros in strusage() returned strings. + + commit 0f38c87f427a155ab5684e18e3b73956f81edfab + * common/argparse.c (writechar): Remove. + (writestrings): Simplify. + (strusage): Use map_static_macro_string. + + common: New function map_static_macro_string. + + commit c72762f9acf3eef5c466ba76e895d7654df12ff7 + * common/mapstrings.c: New. + * common/t-mapstrings.c: New. + * common/t-support.h (DIM, DIMof): Define if not defined. + * common/Makefile.am: Add new files. + + common: New function get_membuf_shrink. + + commit 556562086acd2bc2f8e3aa3126ebf155715e042b + * common/membuf.c (get_membuf_shrink): New. + + agent: Fixed unresolved symbol under Windows. + + commit 55c3e5f448c26360eda31e05b1f62249119f73d9 + * agent/gpg-agent.c (main): s/ttyname/gnupg_ttyname/. + + common: Require an installed libiconv. + + commit 380a2aa18e0c048cfefa1cb4102dfbf902a1962b + * common/utf8conv.c: Remove dynload.h. + (load_libiconv): Remove. Remove all calls to it. + +2014-02-10 Werner Koch <wk@gnupg.org> + + gpg: Silent more compiler warnings due to some configure options. + + commit 47e6b6bad1dff493f4102a5549a7bb54466684c2 + * g10/keygen.c (generate_keypair, gen_card_key) + (gen_card_key_with_backup) [!ENABLE_CARD_SUPPORT]: Mark unused args. + + tests: Avoid segv if dns cert lookup is not configured. + + commit 672f4aeba8bf55839911e1fe805af6b2873853f7 + * common/dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Reset return args. + + gpg: Cleanup compiler warnings due to some configure options. 
+ + commit 7901c5c2a3b7b24e9a4eaab590b0a54e9695c3e4 + * g10/photoid.c (show_photos) [DISABLE_PHOTO_VIEWER]: Mark args as + unused. + * tools/gpgconf-comp.c (my_dgettext): Mark DOMAIN as unused if NLS is + not configured. + + gpg: Allow building without any trust model support. + + commit 62fb86c6589f7f74dad4741db31b3aefa0848420 + * configure.ac: Add option --disable-trust-models + (NO_TRUST_MODELS): New ac_define and am_conditional. + * g10/Makefile.am (trust_source): New. + (gpg2_SOURCES): Factor some files out to above. Add trust.c. + * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, + --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, + --list-trustdb, --trustdb-name, --auto-check-trustdb, + --no-auto-check-trustdb, and --force-ownertrust. + (parse_trust_model) [NO_TRUST_MODELS]: Do not build. + (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all + trustdb related option code. + * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", + "enable", and "disable". + * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print + "tru" record. + + * g10/trust.c: New. + * g10/trustdb.c (struct key_item): Move to trustdb.h. + (register_trusted_keyid): Rename to tdb_register_trusted_keyid. + (register_trusted_key): Rename to tdb_register_trusted_key. + (trust_letter, uid_trust_string_fixed, trust_value_to_string) + (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) + (get_ownertrust_string, get_validity_info, get_validity_string) + (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. + (mark_usable_uid_certs): Move to trust.c and make global. + (is_in_klist): Move as inline to trustdb.h. + (trustdb_check_or_update): Rename to tdb_check_or_update + (revalidation_mark): Rename to tdb_revalidation_mark. + (get_ownertrust): Rename to tdb_get_ownertrust. + (get_min_ownertrust): Rename to tdb_get_min_ownertrust. + (update_ownertrust): Rename to tdb_update_ownertrust. 
+ (clear_ownertrusts): Rename to tdb_clear_ownertrusts. + (cache_disabled_value): Rename to tdb_cache_disabled_value. + (check_trustdb_stale): Rename to tdb_check_trustdb_stale. + (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and + factor some code out to ... + * trust.c (get_validity): ...new. + (check_or_update_trustdb): New wrapper. + (revalidation_mark): New wrapper. + (get_ownertrust): New wrapper. + (get_ownertrust_with_min): New wrapper. + (update_ownertrust): New wrapper. + (clear_ownertrusts): New wrapper. + (cache_disabled_value): New wrapper. + (check_trustdb_stale): New wrapper. + + * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead + of --always-trust. + + tests: Handle disabled algorithms. + + commit ea7f895319e89150e5613b6d20f21410f99d6f22 + * tests/openpgp/mds.test: Skip disabled algorithms. + * tests/openpgp/signencrypt-dsa.test: Ditto. + * tests/openpgp/sigs-dsa.test: Ditto. + +2014-02-07 Werner Koch <wk@gnupg.org> + + Silence annoying ABI change warning. + + commit 111f082487dc7a2a50375e24203de31b000e0dea + * configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6. Avoid some gcc + option tests for gcc >= 4.6 + + Allow disabling of card support. + + commit 8e0ba4ecd3897c748ac2f06028406604ae7baced + * configure.ac: Add option --disable-card-support. Also add + am_conditional and do not build scd if card support is enabled. + + gpg: List only available algos in --gen-key. + + commit 357b142e7225e5c7f1e0f9768f48e833d5804b6a + * g10/keygen.c (ask_algo, ask_curve): Take care of GPG_USE_<algo>. + + gpg: Change --print-mds to output enabled OpenPGP algos. + + commit 54a11729fb71ba06e318fe229d0a230686ed4dc8 + * g10/gpg.c (print_mds): Use opengpg_md_test_algo. Test also for MD5 + availibility. + + gpg: Avoid compiler warnings for disabled algos. + + commit aa76a1660613ece3fc0d774856abcbe0bb158300 + * g10/misc.c (map_cipher_openpgp_to_gcry): Add case for disabled algo. + (openpgp_pk_test_algo2): Ditto. 
+ (map_md_openpgp_to_gcry): Ditto. + +2014-02-05 Werner Koch <wk@gnupg.org> + + gpg: Change format for the key size in --list-key and --edit-key. + + commit 2c814806d759e5cf611200e8210137cf8502a672 + * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode. + * g10/options.h (struct opt): Add field legacy_list_mode. + * g10/keydb.h (PUBKEY_STRING_SIZE): New. + * g10/keyid.c (pubkey_string): New. + * g10/import.c (import_one, import_secret_one): Use pubkey_string. + * g10/keylist.c (print_seckey_info): Ditto. + (print_pubkey_info, print_card_key_info): Ditto. + (list_keyblock_print): Ditto. + * g10/mainproc.c (list_node): Ditto. + * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto. + * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the + format. + (show_basic_key_info): Ditto. + * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519". + (openpgp_oid_to_curve): Downcase "ed25519" + +2014-01-31 Werner Koch <wk@gnupg.org> + + gpg: Add configure options to disable algorithms. + + commit 2ba818de1aa311ba8eb27012d69e93dd16e7d4ed + * acinclude.m4 (GNUPG_GPG_DISABLE_ALGO): New. + * configure.ac: Add --enable-gpg-* options to disable non MUS + algorithms. + * g10/misc.c (map_cipher_openpgp_to_gcry): Implement these options. + (openpgp_pk_test_algo2): Ditto. + (map_md_openpgp_to_gcry): Ditto. + (openpgp_cipher_test_algo, openpgp_md_test_algo): Simplify. + + gpg: Improve --version algo info output. + + commit 71540d40414dc8b304b45dc476e5e5650a2db20a + * g10/misc.c (openpgp_pk_algo_name): Return a different string for + each ECC algorithm. + * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the + different algo type enums. + (build_list_pk_algo_name): Ditto. + (build_list_cipher_test_algo): Ditto. + (build_list_cipher_algo_name): Ditto. + (build_list_md_test_algo): Ditto. + (build_list_md_algo_name): Ditto. + (my_strusage): Use them. + (list_config): Ditto. Add "pubkeyname". + (build_list): Add letter==1 hack. 
+ + gpg: Start using OpenPGP digest algo ids. + + commit bf50604a0d50b974c1d4b8ccf5d774489f996cae + * g10/misc.c (print_pubkey_algo_note): Use enum typedef for the arg. + (print_cipher_algo_note): Ditto. + (print_digest_algo_note): Ditto. + (map_md_openpgp_to_gcry): New. + (openpgp_md_test_algo): Rewrite. + (openpgp_md_algo_name): Rewrite to do without Libgcrypt. + * g10/cpr.c (write_status_begin_signing): Remove hardwired list of + algo ranges. + + gpg: Use only OpenPGP cipher algo ids. + + commit 16a6311adefff0139056714521214f845315b7f8 + * g10/misc.c (map_cipher_openpgp_to_gcry): Use explicit mapping and + use enums for the arg and return value. + (map_cipher_gcry_to_openpgp): Ditto. + (openpgp_cipher_blocklen): Use constant macros. + (openpgp_cipher_test_algo): Use mapping function and prepare to + disable algorithms. + (openpgp_cipher_algo_name): Do not use Libgcrypt. + + * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Replace + CGRY_CIPHER_* by CIPHER_ALGO_*. + + * common/openpgpdefs.h (cipher_algo_t): Remove unused + CIPHER_ALGO_DUMMY. + +2014-01-30 Werner Koch <wk@gnupg.org> + + gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id. + + commit b7f8dec6325f1c80640f878ed3080bbc194fbc78 + * common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a + string. + * g10/keygen.c (check_keygrip): Adjust for change. + * sm/certreqgen-ui.c (check_keygrip): Likewise. + + * agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry. + + * g10/misc.c (map_pk_openpgp_to_gcry): Remove. + (openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2. + (openpgp_pk_test_algo2): Rewrite. + (openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA. + (openpgp_pk_algo_name): Rewrite to remove need for gcry calls. + (pubkey_get_npkey, pubkey_get_nskey): Ditto. + (pubkey_get_nsig, pubkey_get_nenc): Ditto. + * g10/keygen.c(do_create_from_keygrip): Support EdDSA. + (common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto. 
+ * g10/build-packet.c (do_key): Ditto. + * g10/export.c (transfer_format_to_openpgp): Ditto. + * g10/getkey.c (cache_public_key): Ditto. + * g10/import.c (transfer_secret_keys): Ditto. + * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto. + * g10/mainproc.c (proc_pubkey_enc): Ditto. + * g10/parse-packet.c (parse_key): Ditto, + * g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto. + * g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name. + * g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only + OpenPGP algo ids and support EdDSA. + * g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids. + * g10/seskey.c (encode_md_value): Ditto. + +2014-01-29 Werner Koch <wk@gnupg.org> + + gpg: Remove cipher.h and put algo ids into a common file. + + commit ea8a1685f75d27f5277d42ea7390ad5aeaf51b1f + * common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t) + (compress_algo_t): New. + * agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h. + * g10/cipher.h (DEK): Move to ... + * g10/dek.h: new file. + * g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA) + (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC) + (PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT) + (PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to + * g10/packet.h: here. + * g10/cipher.h: Remove. Remove from all files. + * g10/filter.h, g10/packet.h: Include dek.h. + * g10/Makefile.am (common_source): Remove cipher.h. Add dek.h. + + include: Remove this directory. + + commit 25b4c2acbd01f9b4c2c364f44c53b73498ed8469 + * include/cipher.h: Move to ... + * g10/cipher.h: here. + * agent/gpg-agent.c: Adjust header file name. + + * include/host2net.h: Move to ... + * common/host2net.h: here. Change license to LGPLv3/GPLv2. Adjust + notices to reflect that only me worked on that file. + + * include/types.h: Remove. + * common/types.h: Include inttypes.h. Add byte typedef and comments + for __riscos__. + * common/iobuf.h: Adjust header file name. 
+ + * include/_regex.h: Remove this unused file. + + * include/Makefile.am: Remove. + * Makefile.am (SUBDIRS): Remove "include". + * configure.ac (AC_CONFIG_FILES): Remove include/Makefile. + * include/ChangeLog-2011: Move to ... + * common/ChangeLog-2011.include: here. + * common/Makefile.am (EXTRA_DIST): Add file. + + * include/zlib-riscos.h: Move this repo only file to ... + * g10/zlib-riscos.h: here. + + * include/: Remove. + +2014-01-17 Werner Koch <wk@gnupg.org> + + Remove unused u64 type definitions. + + commit 362a30d8c2f529cd44687066f9c33cab7b43bedc + * configure.ac: Remove check for uint64 and UINT64_C. + * include/types.h: Remove u64 stuff. + * common/types.h: Ditto. + +2014-01-16 NIIBE Yutaka <gniibe@fsij.org> + + agent: Not remove SSH socket when already running. + + commit 0ee66a6f66d7389e381fffa5f9eedbc8de9add10 + * agent/gpg-agent.c (main): Defer setting of socket_name_ssh to avoid + removal of the socket when it will die in create_server_socket for + socket_name. + + agent: Fix agent_is_eddsa_key. + + commit 9c731bbedfd8bded5efd886304c5ca6655768c45 + * agent/findkey.c (agent_is_eddsa_key): Implemented. + +2014-01-15 NIIBE Yutaka <gniibe@fsij.org> + + Add secp256k1. + + commit c5e41f539b9a21cbad10c7dae95572a4445d31c3 + * common/openpgp-oid.c (openpgp_curve_to_oid): Add secp256k1. + (openpgp_oid_to_curve): Likewise. + + * g10/keygen.c (ask_curve): Add secp256k1. + +2014-01-10 Werner Koch <wk@gnupg.org> + + autogen.sh: Add rule for 64 bit windows. + + commit aedfa95bcc49156f2bc6ae5d0f385705d4fbdd32 + + + Turn autogen.sh into a generic script. + + commit e7973d36d88178b4b0a977e3fcc0d62600777618 + * autogen.sh: Revamp. + * autogen.rc: New. + * Makefile.am (EXTRA_DIST): Add autogen.rc. + + Rename scripts/ to build-aux/ + + commit 99a48b2fcdf7c33fe553511c12f2ebb8eea5c634 + * scripts/: Rename to build-aux/ + * Makefile.am: Adjust accordingly. + * configure.ac (AC_CONFIG_AUX_DIR): Change to build-aux. 
+ +2014-01-09 Werner Koch <wk@gnupg.org> + + Improve the speedo make script. + + commit a55ffb9da9a844bd2bd73a4a2ea65bf18b21c57f + * scripts/gpg-w32-dev/README: Remove + * scripts/gpg-w32-dev/GNUmakefile, scripts/gpg-w32-dev/speedo.mk: + Merge into .. + * scripts/speedo.mk: this. + + gpgsplit: Allow building without zlib support. + + commit 00d5d2204cefb0f4b953e0c00448f16aab2d39c7 + * tools/gpgsplit.c [!HAVE_ZLIB]: Do not include zlib.h. + (handle_zlib): Build only if HAVE_ZLIB is defined. + (write_part): Support zlib and zip only if HAVE_ZLIB is defined. + + w32: Fix backslash quoting in registry name. + + commit fa318406c9bdb60aee1e1b410e4c9e0b3eb1392e + * configure.ac (GNUPG_REGISTRY_DIR): Double backslashes. + + Fix test for zlib. + + commit 477aabaf753f987987f7a2e1f999a499ea3bd103 + * configure.ac (HAVE_ZLIB): Define only if found. + + Add --enable-silent-rules stuff. + + commit aba53e9f96d0c9b270edef0806976a56326249c4 + * configure.ac: Add AM_SILENT_RULES. + +2014-01-08 Werner Koch <wk@gnupg.org> + + w32: Add macro for the registry key. + + commit 75ba215ebd8be7e14b26bb53ef3c7d41e4ce1e02 + * configure.ac (GNUPG_REGISTRY_DIR) [W32]: New ac-define. + * common/homedir.c (default_homedir): Use it. + * common/logging.c (do_logv): Use it. + +2013-12-11 Werner Koch <wk@gnupg.org> + + gpg: Change --show-session-key to print the session key earlier. + + commit 101a54add351ff62793cbfbf3877787c4791f833 + * g10/cpr.c (write_status_strings): New. + (write_status_text): Replace code by a call to write_status_strings. + * g10/mainproc.c (proc_encrypted): Remove show_session_key code. + * g10/decrypt-data.c (decrypt_data): Add new show_session_key code. + +2013-12-05 Werner Koch <wk@gnupg.org> + + gpg: Change OID of Ed25519 and add Brainpool oids. + + commit 59207a86e5f40c77fed296b642bf76692e8eef65 + * common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for + Ed25519. Add brainpool OIDs. + (openpgp_oid_to_curve): Ditto. 
+ +2013-11-29 Werner Koch <wk@gnupg.org> + + common: Add put_membuf_printf. + + commit 159d42ee6ab21d97f40ee129445f37209b875739 + * common/membuf.c (put_membuf_printf): New. + +2013-11-27 Werner Koch <wk@gnupg.org> + + gpg: Change armor Version header to emit only the major version. + + commit e951782e937ce290be0d89d83e84b3daea997587 + * g10/options.h (opt): Rename field no_version to emit_version. + * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version + to bump up opt.emit_version. + * g10/armor.c (armor_filter): Implement different --emit-version + values. + +2013-11-18 Werner Koch <wk@gnupg.org> + + Make use of the *_NAME etc macros. + + commit cc9a0b69b698ba436eaf777e5020532845b56236 + Replace hardwired strings at many places with new macros from config.h + and use the new strusage macro replacement feature. + + * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn + sentinels. + * agent/command.c (cmd_import_key): Use asprintf to create the prompt. + + Add strusage macro replacement feature. + + commit 798daaa1ddf73f64cf840fbdc1f4c5b9c4b4ec13 + * common/argparse.c (writechar): New. + (writestrings): Add macro replacement feature. + (show_help): Remove specialized @EMAIL@ replacement. + * configure.ac (GNUPG_NAME, GPG_NAME, GPGSM_NAME): Define. + (GPG_AGENT_NAME, DIRMNGR_NAME, G13_NAME, GPGCONF_NAME): Define. + (GPGTAR_NAME, GPG_AGENT_INFO_NAME, GPG_AGENT_SOCK_NAME): Define. + (GPG_AGENT_SSH_SOCK_NAME, DIRMNGR_INFO_NAME): Define. + (DIRMNGR_SOCK_NAME): Define. + +2013-11-15 Werner Koch <wk@gnupg.org> + + kbx: Implement update operation for OpenPGP keyblocks. + + commit 5499942571a88a1223a7318992605c6d29858866 + * kbx/keybox-update.c (keybox_update_keyblock): Implement. + * kbx/keybox-search.c (get_blob_flags): Move to ... + * kbx/keybox-defs.h (blob_get_type): here. + * kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB. + * g10/keydb.c (build_keyblock_image): Allow calling without + R_SIGSTATUS. 
+ (keydb_update_keyblock): Implement for keybox. + + * kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed + size. Print "does not expire" also on 64 bit platforms. + + gpg: Rework ECC support and add experimental support for Ed25519. + + commit 402aa0f94854bb00475c934be5ca6043a4632126 + * agent/findkey.c (key_parms_from_sexp): Add algo name "ecc". + (agent_is_dsa_key): Ditto. + (agent_is_eddsa_key): New. Not finished, though. + * agent/pksign.c (do_encode_eddsa): New. + (agent_pksign_do): Use gcry_log_debug functions. + * agent/protect.c (agent_protect): Parse a flags parameter. + * g10/keygen.c (gpg_curve_to_oid): Move to ... + * common/openpgp-oid.c (openpgp_curve_to_oid): here and rename. + (oid_ed25519): New. + (openpgp_oid_is_ed25519): New. + (openpgp_oid_to_curve): New. + * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New. + * g10/build-packet.c (gpg_mpi_write): Write the length header also for + opaque MPIs. + (gpg_mpi_write_nohdr): New. + (do_key): Use gpg_mpi_write_nohdr depending on algorithm. + (do_pubkey_enc): Ditto. + * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use + gpg_mpi_write_nohdr. + * g10/export.c (transfer_format_to_openpgp): + * g10/keygen.c (ecckey_from_sexp): Return the error. + (gen_ecc): Repalce arg NBITS by CURVE. + (read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve". + (ask_curve): New. + (generate_keypair, generate_subkeypair): Use ask_curve. + (do_generate_keypair): Also pass curve name. + * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print + curve name. + * g10/parse-packet.c (mpi_read): Remove workaround for + Libcgrypt < 1.5. + (parse_key): Fix ECC case. Print the curve name. + * g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp. + (pk_verify, pk_check_secret_key): Add special case for Ed25519. + * g10/seskey.c (encode_md_value): Ditto. + * g10/sign.c (do_sign, hash_for, sign_file): Ditto. + + kbx: Fix possible segv in kbxdump. 
+ + commit 9ae48b173c93f4747a9826beb1fbd023c4362c22 + * kbx/keybox-dump.c (_keybox_dump_blob): Check length before get32. + + Require Libgcrypt 1.6. + + commit b27161cd0c76ae6e2381f60c3a502cde3a2aaa21 + * agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check + +2013-11-13 NIIBE Yutaka <gniibe@fsij.org> + + scd: more pinpad input fix for PC/SC. + + commit abd922e79b2ff63a5a763a30d4a06a91f93d0b12 + * scd/apdu.c (check_pcsc_pinpad): Set default values here. + (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default + values, as it's too late. + +2013-11-11 NIIBE Yutaka <gniibe@fsij.org> + + scd: more pinpad fix. + + commit 037dea9dd5eac7a74df0e12cb437e71fb0732afa + * scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when + those are specified. + (pcsc_pinpad_modify): Remove old check code. + +2013-10-29 NIIBE Yutaka <gniibe@fsij.org> + + scd: pinpad fix for PC/SC on Windows. + + commit 32989ad2b152d18198d718bc2c7232ce3e79c72f + * scd/apdu.c (SCARD_CTL_CODE): Fix for Windows. + +2013-10-28 Werner Koch <wk@gnupg.org> + + doc: Change yat2m to allow arbitrary condition names. + + commit a15c35f37ed2b58805adc213029998aa3e52f038 + * doc/yat2m.c (MAX_CONDITION_NESTING): New. + (gpgone_defined): Remove. + (condition_s, condition_stack, condition_stack_idx): New. + (cond_is_active, cond_in_verbatim): New. + (add_predefined_macro, set_macro, macro_set_p): New. + (evaluate_conditions, push_condition, pop_condition): New. + (parse_file): Rewrite to use the condition stack. + (top_parse_file): Set prefined macros. + (main): Change -D to define arbitrary macros. + +2013-10-25 NIIBE Yutaka <gniibe@fsij.org> + + scd: fix pinpad input on Windows. + + commit de7e15c6b80164a351586e9087aad86420c8b89e + * scd/apdu.c (open_pcsc_reader_direct): Don't call + pcsc_vendor_specific_init here, but... + (connect_pcsc_card): Call it here. + +2013-10-23 NIIBE Yutaka <gniibe@fsij.org> + + po: Update Japanese translation. 
+ + commit b66158cac7347e4c56c79ab7b5416ae5b3f4a0a2 + + +2013-10-16 NIIBE Yutaka <gniibe@fsij.org> + + scd: add pinpad readers information for PC/SC service. + + commit 5efcc2b8fee8de31d255d09037f0a1e6209eab32 + * scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry + ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN + Advance. + +2013-10-15 NIIBE Yutaka <gniibe@fsij.org> + + scd: remove pin length check. + + commit e0ab665a792ada6470cb8885b8427acc3c960998 + * scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin + length. + +2013-10-04 Werner Koch <wk@gnupg.org> + + gpg: Limit the nesting level of I/O filters. + + commit e6175055fbca958b7fa43aaf84359574ca7f3ebb + * common/iobuf.c (MAX_NESTING_FILTER): New. + (iobuf_push_filter2): Limit the nesting level. + + * g10/mainproc.c (mainproc_context): New field ANY. Change HAVE_DATA + and ANY_SIG_SIGN to bit fields of ANY. Add bit field + UNCOMPRESS_FAILED. + (proc_compressed): Avoid printing multiple Bad Data messages. + (check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA. + +2013-10-02 Werner Koch <wk@gnupg.org> + + gpg: Fix bug with deeply nested compressed packets. + + commit 0899f6d4be0406c9efbf9c3f342825804f359b5a + * g10/mainproc.c (MAX_NESTING_DEPTH): New. + (proc_compressed): Return an error code. + (check_nesting): New. + (do_proc_packets): Check packet nesting depth. Handle errors from + check_compressed. + +2013-09-08 Werner Koch <wk@gnupg.org> + + Switch to deterministic DSA. + + commit 6466db10fb22a4f24df4edad9c5cb33ec67321bd + * agent/pksign.c (rfc6979_hash_algo_string): New. + (do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979. + +2013-08-30 Werner Koch <wk@gnupg.org> + + scd: Suppress gcc warning about possible uninitialized use. + + commit 244587ea41d4c75cb5570356f09a6705864a7e8d + * scd/app-nks.c (parse_pwidstr): Always init r_pwid. + + gpg: Use 2048 as the default keysize in batch mode. 
+ + commit 4c3b35b067a4e7002bb6473b879b551014bb7857 + * g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to + 2048. + + gpgtar: Fix building for systems with a separate libintl. + + commit 12990efb45ee7c425167aad19fe759d5609c5182 + * tools/Makefile.am (gpgtar_LDADD): Add LIBINTL and LIBICONV. + + scd: Use vendor and product id macros also in apdu.c. + + commit fc31d730d8506b069de1d3529ed26660856bf07f + * scd/ccid-driver.c: Move vendor and product ids to ... + * scd/ccid-driver.h: here. + * scd/apdu.c (CCID_DRIVER_INCLUDE_USB_IDS): Define to include ids. + (pcsc_vendor_specific_init): Use vendor and product id macros. + +2013-08-30 NIIBE Yutaka <gniibe@fsij.org> + + scd: PC/SC pinpad input improvement. + + commit 95a3bffeaf07e8bf9487d4b165c336d166236fc1 + * scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and + PINPAD_VERLEN_SUPPORTED. + (CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES, + PCSCv2_PART10_PROPERTY_*): New. + (new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax. + (pcsc_vendor_specific_init): New. + (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call + pcsc_vendor_specific_init. + (check_pcsc_pinpad): Not detect here but use the result of + pcsc_vendor_specific_init. + (pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage. + +2013-08-29 Jonas Borgström <jonas@borgstrom.se> + + scd: add support for RSA_CRT and RSA_CRT_N key import. + + commit cc67918c088e90c1d9a507af5f6288e8faa93d87 + * scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support. + +2013-08-29 Werner Koch <wk@gnupg.org> + + kbx: Add a few macros for easier readability. + + commit 3adfaa9beee4502479b5673c7dfd386680a920c5 + * kbx/keybox-update.c (FILECOPY_INSERT) + (FILECOPY_DELETE, FILECOPY_UPDATE): New macros. Replace numbers by + them. + +2013-08-28 Werner Koch <wk@gnupg.org> + + Fix commit 04e2c83f. 
+ + commit fdbf76eee6a4e81b040d423926b71af7b491fb4a + * agent/command-ssh.c (stream_read_string): Do not assign to a NULL + ptr. + + gpg: Make decryption with the OpenPGP card work. + + commit 780ba3233618393835970bac4cf8aab713f4d7fa + * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. + * scd/app-openpgp.c (do_decipher): Add arg R_INFO. + * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. + * scd/app.c (app_decipher): Add arg R_INFO. + * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". + * agent/call-scd.c (padding_info_cb): New. + (agent_card_pkdecrypt): Add arg R_PADDING. + * agent/divert-scd.c (divert_pkdecrypt): Ditto. + * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. + * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". + * g10/call-agent.c (padding_info_cb): New. + (agent_pkdecrypt): Add arg R_PADDING. + * g10/pubkey-enc.c (get_it): Use padding info. + + agent: Fix two compiler warnings. + + commit 04e2c83f189cc56342e1be784bdc63761ccdb5bb + * agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu + in format string. + * scd/ccid-driver.c (ccid_get_atr): Ditto. + * agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to + avoid maybe_unitialized warning. + +2013-08-27 NIIBE Yutaka <gniibe@fsij.org> + + scd: fix parsing login-data DO. + + commit b6d54f1196d5f110fd94dfd661e74dbc60ca9811 + * scd/app-openpgp.c (parse_login_data): Release RELPTR. Fix parsing. + + scd: fix Vega for Alpha reader. + + commit 54cbab29c700db2df74e808f16db49170e6c42f1 + * scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling + and size of command. + +2013-08-21 Werner Koch <wk@gnupg.org> + + scd: Make SPRx32 pinpad work with PC/SC on Windows. + + commit 5c5e52df4b92e23045ac87abac09357de58920d4 + * scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE. + (SCARD_CTL_CODE): Define if not defined. + (reader_table_s): Add is_spr532. + (new_reader_slot): Clear it. + (check_pcsc_pinpad): Set it. 
+ (pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532. + + scd: Improve --enable-pinpad-varlen. + + commit 7bde2bf3b0ddb5d3515a44879e1a7ddb581a5c0b + * tools/gpgconf-comp.c (gc_options_scdaemon): Add + enable-pinpad-varlen. + * scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader. + +2013-08-08 Werner Koch <wk@gnupg.org> + + agent: Extend cmd KEYINFO to return data from sshcontrol. + + commit 50c98c7ed6b542857ee2f902eca36cda37407737 + * agent/command-ssh.c (struct control_file_s): Rename to + ssh_control_file_s. + (ssh_open_control_file, ssh_close_control_file) + (ssh_read_control_file, ssh_search_control_file): New. + (control_file_t): Rename and move to ... + * agent/agent.h (ssh_control_file_t): here. + * agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled, + and confirm. Rename unknown keytype indicator from '-' to 'X'. Extend + output. + (cmd_keyinfo): Add options --ssh-list and --with-ssh. + +2013-08-02 Werner Koch <wk@gnupg.org> + + gpg: No need to create a trustdb when encrypting with --always-trust. + + commit 498b9a95dc65c43240835d64cc92d8fb43014d53 + * g10/gpg.c (main): Special case setup_trustdb for --encrypt. + +2013-08-01 Werner Koch <wk@gnupg.org> + + w32: Fix recent patch 9ff72e4. + + commit ca6fe88c0068f8d45ef39df0fc7b161998a91fe9 + * common/homedir.c (check_portable_app): Fix the name of the control + file. + + agent: Include missing prototype. + + commit ef6a6d973c2bcc54006c04dc41f978ff01005c97 + * agent/protect.c: Include cvt-openpgp.h. + + w32: Add code to support a portable use of GnuPG. + + commit 9ff72e4e7e4f56c241a525479a94ed4c95efc23f + * common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New. + (check_portable_app) [W32]: New. + (standard_homedir, default_homedir) [W32]: Support the portable flag. + (w32_rootdir, w32_commondir) [W32]: Ditto. + (gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto. + * common/logging.h (JNLIB_LOG_NO_REGISTRY): New. + * common/logging.c (no_registry): New variable. 
+ (log_set_prefix, log_get_prefix): Set/get that variable. + (do_logv): Do not check the registry if that variable is set. + + Silence compiler warning about deprecated Libgcrypt symbols. + + commit db4651734fe91935b17876dc9194329b00066eff + * configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED. + + dirmngr: Define missing LDAP constant. + + commit ef2e2e54020c3475bf2129c3ec8360c7bad3a6c9 + * dirmngr/ldap-url.c (LDAP_SCOPE_DEFAULT): Define if missing. + + scd: Fix a syntax error for Apple and Windows. + + commit 25b0357bf0a4861a751cfbc3e0335ae05c8b2b1b + * scd/apdu.c (pcsc_dword_t) [W32]: Fix syntax error. + + common: Fix a build error when using adns. + + commit ffa7472db551f12f66b9789c31fabb5fc80cc13a + * common/dns-cert.c (get_dns_cert) [USE_ADNS]: Fix synatx error. + +2013-07-31 Werner Koch <wk@gnupg.org> + + common: Comment out unused code. + + commit f101f34fffee4a02e7a5f62b59667e45e50e8325 + * common/w32-reg.c (write_w32_registry_string): Comment out. + + dirmngr: Remove unused file. + + commit 2830fcb83c99289a49da0e111766daf2d9a1fa3b + * dirmngr/get-path.c: Remove. + +2013-06-27 Werner Koch <wk@gnupg.org> + + sm: Remove cruft from source files. + + commit f254497e09fa4e0e24e63d14f7316fc31c938844 + * sm/keydb.c, sm/keydb.h: Remove disabled code parts. + + Prepare for newer automake versions. + + commit 043e2728c813299fafcf62cd125ecf872b26179e + * configure.ac (AM_INIT_AUTOMAKE): Replace 2 argument form by the + option form. Add options from the top Makefile. + (AM_CONFIG_HEADER): Rename to AC_CONFIG_HEADER. + * Makefile.am (AUTOMAKE_OPTIONS): Remove. + + * kbx/Makefile.am: Remove INCLUDES. Include cmacros.am. FActor some + AM_CPPFLAGS options to AM_CFLAGS. + +2013-06-26 Werner Koch <wk@gnupg.org> + + Fix Makefile regression. + + commit 136f190a2f20c6ec4d5c3ca3ac7f0440c14e4dc2 + * agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong + resolve conflict 2013-04-25. 
+ (gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps + (gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags. + +2013-05-22 Werner Koch <wk@gnupg.org> + + Implement unattended OpenPGP secret key import. + + commit 7777e68d0482c942f527e91c04adbcfb40bc8bef + * agent/command.c (cmd_import_key): Add option --unattended. + * agent/cvt-openpgp.c (convert_transfer_key): New. + (do_unprotect): Factor some code out to ... + (prepare_unprotect): new function. + (convert_from_openpgp): Factor all code out to ... + (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement + openpgp-native protection modes. + (convert_from_openpgp_native): New. + * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion + * agent/protect-tool.c (convert_from_openpgp_native): Ditto. + * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all + callers. Support openpgp-native protection. + * g10/call-agent.c (agent_import_key): Add arg 'unattended'. + * g10/import.c (transfer_secret_keys): Use unattended in batch mode. + + New debug functions log_printcanon and log_printsexp. + + commit cb6a64bb78296c8e9f72df0c482ff847e89a1541 + * common/sexputil.c (sexp_to_string, canon_sexp_to_string): New. + (log_printcanon, log_printsexp): New. + + agent: Fix length detection of canonical formatted openpgp keys. + + commit 0f0e0559f9b160824f10dc17b389268cdb53aea4 + * agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to + gcry_sexp_canon_len. + + agent: New option --disable-check-own-socket. + + commit f2d8a14e1b12534eba69d595a62c78f92331e11b + * agent/gpg-agent.c (oDisableCheckOwnSocket): New. + (disable_check_own_socket): New. + (parse_rereadable_options): Set new option. + (check_own_socket): Implement new option. + +2013-05-07 Werner Koch <wk@gnupg.org> + + w32: Add icons and version information. + + commit 88e24341e57c96e31a25e92e09d67989e64cc1c1 + * common/gnupg.ico: New. Take from artwork/gnupg-favicon-1.ico. + * agent/gpg-agent-w32info.rc: New. 
+ * g10/gpg-w32info.rc: New. + * scd/scdaemon-w32info.rc: New. + * sm/gpgsm-w32info.rc: New. + * tools/gpg-connect-agent-w32info.rc: New. + * common/w32info-rc.h.in: New. + * configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP) + (BUILD_HOSTNAME): New. + (AC_CONFIG_FILES): Add w32info-rc.h. + * am/cmacros.am (.rc.o): New rule. + * agent/Makefile.am, common/Makefile.am, g10/Makefile.am + * scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to + build resource files. + +2013-05-07 Ian Abbott <abbotti@mev.co.uk> + + doc: fix some Texinfo warnings. + + commit 2c3fc4719b92d9e3ac32efd134a930e1cc126032 + * doc/gpg.texi: Fix syntax and add missing menu entries. + * doc/gpgsm.texi: Fix subsectioning. + +2013-04-22 Werner Koch <wk@gnupg.org> + + Fix potential heap corruption in "gpg -v --version". + + commit 151b78cc26d728e9eb42620e0caf8c6f4bd7f839 + * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in + certain locales. + +2013-04-19 Werner Koch <wk@gnupg.org> + + gpgsm: Remove non-implemented commands from --help. + + commit d6798d261cbe6519ef5b3ebb474e2ad348442c0c + * sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric, + --send-keys, and --recv-keys. + +2013-04-19 Daiki Ueno <ueno@gnu.org> + + Make sure to call fflush if estream_t is backed with stdio. + + commit e498180d5647d3427a7d7e6c82a9f09cf1ba439d + * common/estream.c (es_func_fp_write): Call fflush after fwrite. + +2013-04-19 Werner Koch <wk@gnupg.org> + + doc: Formatting fixes. + + commit ff6115227a1ced14e2fb3d160a12181b9dfbc502 + * doc/Makefile.am (.fig.jpg): Correct to use -L jpeg. + * doc/gpg.texi: Fix cross reference for --options. + * doc/gpgsm.texi: Likewise. + * doc/gpl.texi: Fix enumerate and re-indent examples. + +2013-04-01 NIIBE Yutaka <gniibe@fsij.org> + + scd: move SCDaemon to libexecdir. + + commit 021767d8aa11aac8ac87dc3a31969ee6cfa65966 + * common/homedir.c (gnupg_module_name): It's now libexecdir. 
+ * scd/Makefile.am (libexec_PROGRAMS): Add scdaemon + (bin_PROGRAMS): Remove scdaemon. + +2013-03-29 Werner Koch <wk@gnupg.org> + + copyright assignments are not anymore required. + + commit 07227279c44e3af0939f90025a0d22b782d0f185 + + +2013-03-26 NIIBE Yutaka <gniibe@fsij.org> + + scd: PC/SC status fix. + + commit 64b1a2cf6f18348544a2d2cd4d49fd27bf01c150 + * scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when + PCSC_STATE_PRESENT. + + * scd/pcsc-wrapper.c (handle_status): Ditto. + + scd: PC/SC cleanup (more). + + commit b9aceaa442914beb4f5359283053b43ba5a46b4c + * scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc) + (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use + pcsc_dword_t. + + scd: call update_card_removed only when detecting removal. + + commit 1062893832bb15eaac853f52e1cb673e5e03790a + * scd/command.c (update_reader_status_file): Add condition + vr->status == 0. + +2013-03-22 NIIBE Yutaka <gniibe@fsij.org> + + scd: PC/SC cleanup. + + commit ee95c23fcdc6673db0fc7287ab2197915d9b55b3 + * scd/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word) + when a word was 16-bit. + (struct reader_table_s): Fixes for types. + (struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1). + Throughout: Fixes for types. + + * scd/pcsc-wrapper.c: Likewise. + +2013-03-21 NIIBE Yutaka <gniibe@fsij.org> + + po: Enable ja.po. + + commit a75a08d6e30e93e1793aa78a15d473a3ea7623cb + * po/LINGUAS: Enable ja.po. + + scd: change default value of pinpad maxlen. + + commit ca66f5c779af74d0eb7221afd7a9707201931e50 + * scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value + of maxlen for pinpad input is now 15 (was: 25). + + * scd/ccid-driver.c (ccid_transceive_secure): Likewise. + +2013-03-20 Werner Koch <wk@gnupg.org> + + Add code to allow for late memory cleanup. + + commit 2739834206f23833161898a73427b8a9c6d5d26d + * common/init.c (mem_cleanup_item_t): New. + (run_mem_cleanup): New. 
+ (_init_common_subsystems): Add an atexit for it. + (register_mem_cleanup_func): New. + + * g10/kbnode.c (cleanup_registered): New. + (release_unused_nodes): New. + (alloc_node): Call register_mem_cleanup_func. + + kbx: Remove unused macro. + + commit 44159b681f8f09000fabfc3ee294d5821578d3a6 + * kbx/keybox.h (KEYBOX_WITH_OPENPGP): Remove unused macro. + +2013-03-19 Werner Koch <wk@gnupg.org> + + gpg: Print indicator for unknown key capability. + + commit c4dbd1b2de8ae3847a040444e86500848868bcf4 + * g10/keylist.c (print_capabilities): Print '?' for unknown usage. + +2013-03-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + gpg: Allow setting of all zero key flags. + + commit b693ec02c467696bf9d7324dd081e279f9965151 + * g10/keygen.c (do_add_key_flags): Do not check for empty key flags. + +2013-03-19 Werner Koch <wk@gnupg.org> + + gpg: Distinguish between missing and cleared key flags. + + commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf + * include/cipher.h (PUBKEY_USAGE_NONE): New. + * g10/getkey.c (parse_key_usage): Set new flag. + +2013-03-15 NIIBE Yutaka <gniibe@fsij.org> + + scd: ccid-driver supporting larger APDU. + + commit 76dc5c08dc2686eef32e1bd221c60fe91201246f + * scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger + APDU. + + scd: fix missing close paren. + + commit 006782068e4d2a9413770400494421a2e9726ee7 + * scd/app-openpgp.c (du_auth): Fix. + +2013-03-09 NIIBE Yutaka <gniibe@fsij.org> + + scd: support ECDSA signing. + + commit 73ad742deacfe2bf7d6efc7cc30f9ced2d83521a + * scd/app-openpgp.c (do_sign): Only prepend message digest block + for RSA or do_auth. + (do_auth): Remove message digest block for ECDSA. + +2013-03-08 NIIBE Yutaka <gniibe@fsij.org> + + scd: support ECDSA public key. + + commit 010bc7f4f06d8affb98950e1adc76c68bfcc9abb + * scd/app-openpgp.c (key_type_t): New. + (CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New. + (struct app_local_s): Change keyattr to have key_type and union. 
+ (get_ecc_key_parameters, get_curve_name): New. + (send_key_attr, get_public_key): Support ECDSA. + (build_privkey_template, do_writekey, do_genkey): Follow the change + of the member KEY_ATTR. + (parse_historical): New. + (parse_algorithm_attribute): Support ECDSA. + +2013-03-05 Werner Koch <wk@gnupg.org> + + Require libgpg-error 1.11. + + commit 5bac5040dc93343e1e89916b263390b0e52040bf + * configure.ac: Require libgpg-error 1.11. + * common/util.h (GPG_ERR_NO_KEYSERVER, GPG_ERR_INV_CURVE) + (GPG_ERR_UNKNOWN_CURVE): Remove fallback definitions. + +2013-02-28 NIIBE Yutaka <gniibe@fsij.org> + + agent: pksign result conversion to sexp to upper layer. + + commit ef1983d58b913306e9bf02a7189e530123839c59 + * agent/agent.h (divert_pksign): Add R_SIGLEN argument. + * agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN. + * agent/call-scd.c (agent_card_pksign): Move composition of + S-expression to... + * agent/pksign.c (agent_pksign_do): ... here. + +2013-02-22 Werner Koch <wk@gnupg.org> + + Use has_leading_keyword in the assuan callbacks. + + commit 585d5c62eece23911a768d97d11f159be138b13d + * agent/call-pinentry.c (inq_quality): Use has_leading_keyword. + * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto. + * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto. + (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto. + * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. + * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto. + (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto. + (keyinfo_status_cb, inq_import_key_parms): Ditto. + * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto. + (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto. + + Remove some unused variables. + + commit c6b8f05517228c6aeab28d2bf5da7724c059bb1a + * tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused + used_components. + * agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg. 
+ * g13/g13.c (main): Comment variable of yet unimplemented options. + + gpg: Fix a memory leak in batch key generation. + + commit 161674118d568025896026ede5e03d26bdfdfa68 + * g10/keygen.c (append_to_parameter): New. + (proc_parameter_file): Use new func to extend the parameter list. + + * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of + gcry_kdf_derive failed. + * g10/keygen.c (proc_parameter_file): Print a diagnostic if + passphrase_to_dek failed. + + gpg: Handle the agent's NEW_PASSPHRASE inquiry. + + commit baee681d2406530c45fd6d4bde77193ba23ac263 + * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE. + + common: Add func has_leading_keyword. + + commit 2838385e76c8c7108bc949d5a1d1c947051bd5be + * common/stringhelp.c (has_leading_keyword): New. + + Remove build hacks for FreeBSD. + + commit 21f5a9ec27c0794141a835a5bb3c69495ee554a6 + * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and + LDFLAGS. + +2013-02-22 NIIBE Yutaka <gniibe@fsij.org> + + agent: fix two bugs. + + commit 3c3648e720b8014828573bd708c88ba4775014e3 + * agent/command.c (cmd_keytocard): Decrement KEYDATALEN. + * agent/findkey.c (agent_public_key_from_file): Increment for ELEMS. + + gpg: fix keytocard and support ECC card for key attribute. + + commit 7d376ffa321d4af6e62a2bc64ef2b8574b122b1a + * g10/call-agent.c (agent_keytocard): Supply PARM arg. + * g10/card-util.c (card_status): Support ECC. + (card_store_subkey): Don't assume RSA. + +2013-02-21 Werner Koch <wk@gnupg.org> + + gpg: Fix a memory leak in batch key generation. + + commit 273bb38cd7b517460cb3de67662e96e910104675 + * g10/keygen.c (append_to_parameter): New. + (proc_parameter_file): Use new func to extend the parameter list. + + * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of + gcry_kdf_derive failed. + * g10/keygen.c (proc_parameter_file): Print a diagnostic if + passphrase_to_dek failed. + + gpg: Handle the agent's NEW_PASSPHRASE inquiry. 
+ + commit 18a261b65fd77a9e434b13483ceaaaf2176f1197 + * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE. + + common: Add func has_leading_keyword. + + commit 4af0c62b15c51056dc293c8e3b907e7c41fbf08c + * common/stringhelp.c (has_leading_keyword): New. + +2013-02-20 Werner Koch <wk@gnupg.org> + + Remove build hacks for FreeBSD. + + commit 8e5766c38f3ac376fb8e7c7f2b0f65de23d84cbe + * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and + LDFLAGS. + +2013-02-12 NIIBE Yutaka <gniibe@fsij.org> + + gpg: Implement card_store_subkey again. + + commit b90506ea220860c89128f002bd593d0462a08d73 + * g10/call-agent.h (agent_keytocard): New. + * g10/call-agent.c (agent_keytocard): New. + * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. + (card_generate_subkey): Check return value of replace_existing_key_p. + (card_store_subkey): Implement again using agent_keytocard. + + agent: Add KEYTOCARD command. + + commit 30f8a3c8736451d8c06ef72521a8da5eabf23016 + * agent/agent.h (divert_writekey, agent_card_writekey): New. + * agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New. + * agent/command.c (cmd_keytocard, hlp_keytocard): New. + (register_commands): Add cmd_keytocard. + * agent/divert-scd.c (divert_writekey): New. + + Japanese: update po and doc. + + commit 595ab0da666c43a1315a72a1346ee149998d8771 + * doc/help.ja.txt, po/ja.po: Updated. + +2013-02-08 NIIBE Yutaka <gniibe@fsij.org> + + scd: Rename 'keypad' to 'pinpad'. + + commit 7253093addfd82a8dd25cd80e3ba820a85e3c9a7 + * NEWS: Mention scd changes. + + * agent/divert-scd.c (getpin_cb): Change message. + + * agent/call-scd.c (inq_needpin): Change the protocol to + POPUPPINPADPROMPT and DISMISSPINPADPROMPT. + * scd/command.c (pin_cb): Likewise. + + * scd/apdu.c (struct reader_table_s): Rename member functions. 
+ (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify, + check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad + apdu_pinpad_verify, apdu_pinpad_modify): Rename. + + * scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad) + (apdu_pinpad_verify, apdu_pinpad_modify): Rename. + + * scd/iso7816.h (iso7816_check_pinpad): Rename. + + * scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD. + (iso7816_check_pinpad): Rename. + (iso7816_verify_kp, iso7816_change_reference_data_kp): Follow + the change. + + * scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename. + * scd/ccid-driver.c (ccid_transceive_secure): Use it. + + * scd/app-dinsig.c (verify_pin): Follow the change. + * scd/app-nks.c (verify_pin): Follow the change. + + * scd/app-openpgp.c (check_pinpad_request): Rename. + (parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow + the change. + + * scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename. + + * scd/scdaemon.h (opt): Rename to disable_pinpad, + enable_pinpad_varlen. + + * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to + disable-pinpad. + +2013-02-07 Werner Koch <wk@gnupg.org> + + gpg: Add pinentry-mode feature. + + commit 21feecd48f990b2569cb4b385dea3e57b9501525 + * g10/gpg.c: Include shareddefs.h. + (main): Add option --pinentry-mode. + * g10/options.h (struct opt): Add field pinentry_mode. + * g10/passphrase.c: Include shareddefs.h. + (have_static_passphrase): Take care of loopback pinentry_mode. + (read_passphrase_from_fd): Ditto. + (get_static_passphrase): New. + (passphrase_to_dek_ext): Factor some code out to ... + (emit_status_need_passphrase): new. + * g10/call-agent.c (start_agent): Send the pinentry mode. + (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a + proper error code. + (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. + (agent_pkdecrypt): Ditto. + * g10/pubkey-enc.c (get_it): Pass new args. + * g10/sign.c (do_sign): Pass new args. + + * g10/call-agent.c (struct default_inq_parm_s): New. 
Change all + similar structs to reference this one. Change all users and inquire + callback to use this struct, instead of NULL or some undefined but not + used structs. This change will help to eventually get rid of global + variables. + +2013-02-06 Werner Koch <wk@gnupg.org> + + agent: Move a typedef to common and provide parse_pinentry_mode. + + commit 8b2b8dfe5c4cd346bbea2c228e75737bbeeca4c4 + * common/agent-opt.c: New. + * common/shareddefs.h: New. + * common/Makefile.am: Add new files. + * agent/agent.h: Include shareddefs.h. + (pinentry_mode_t): Factor out to shareddefs.h. + * agent/command.c (option_handler): Use parse_pinentry_mode. + + agent: Return a better error code if no passphrase was given. + + commit 4483a4f0ea030046137ba04905eb5220c14a2161 + * agent/protect.c (hash_passphrase): Handle an empty passphrase. + +2013-02-05 NIIBE Yutaka <gniibe@fsij.org> + + scd: Fix check_keypad_request. + + commit c27315fc6466cceb862c9e67755a8e044e9b7688 + * scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad. + + SCD: Add vendor specific initalization. + + commit e791ac6683bfb90d5e40c0103324784bd58535c9 + * scd/ccid-driver.c (ccid_vendor_specific_init): New. + (ccid_open_reader): Call ccid_vendor_specific_init. + + SCD: Support P=N format for login data. + + commit 0407e642f796fb2780a77b7a1a86731d0de27e5d + * scd/app-openpgp.c (parse_login_data): Support P=N format. + + SCD: Better interoperability. + + commit bd5eded73a1268afdf81482f8408e5f640abf9c4 + * scd/apdu.c: Fill bTeoPrologue[2] field. + + SCD: Defaults to use pinpad if the reader has the capability. + + commit a9ff97a10f7ae5a703ed1bccba294473ecc88d5d + * scd/app-openpgp.c (struct app_local_s): Remove VARLEN. + (parse_login_data): "P=0" means to disable pinpad. + (check_keypad_request): Default is to use pinpad if available. + + SCD: handle keypad request on the card. + + commit 334ba6efa5a05d8849fae213128a0505e7615e13 + * scd/app-openpgp.c: Add 2013. 
+ (struct app_local_s): Add keypad structure. + (parse_login_data): Add parsing keypad request on the card. + (check_keypad_request): New. + (verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request + to determine use of keypad. + + SCD: Minor fix of ccid-driver. + + commit d5bf83a24cf3871b7d8cfe61049f70e1e206d09a + * scd/ccid-driver.c (VENDOR_VEGA): Fix typo. + + SCD: Add support of Covadis VEGA_ALPHA reader. + + commit 82e1e837c29225cd55642b193cc04ce6191d19bb + * scd/ccid-driver.c: Add 2013. + (VENDER_VEGA, VEGA_ALPHA):New. + (ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD. + Change bNumberMessage to 0x01, as it works better (was: 0xff). + + SCD: Support fixed length PIN input for keypad (PC/SC). + + commit 3aae780f9debaeb3560ff866b7e09d0923481c57 + * scd/apdu.c (pcsc_keypad_verify): SUpport fixed length PIN input for + keypad. + (pcsc_keypad_modify): Likewise. + * scd/ccid-driver.c (ccid_transceive_secure): Clean up. + + SCD: Support fixed length PIN input for keypad. + + commit 40a914a2e3052847b49c4b5e8ac8538e97efd18a + * scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN. + * scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown. + * scd/app-nks.c (verify_pin): Likewise. + * scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin): + Likewise. + * scd/apdu.c (check_pcsc_keypad): Add comment. + (pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support + readers with the feature of variable length input (yet). + (apdu_check_keypad): Set FIXEDLEN. + * scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD + specific settings. + Support fixed length PIN input for keypad. + + SCD: API cleanup for keypad handling. + + commit b526f6e223604b7c1852ef2aab9fc1ea691b1181 + * scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s. + Change meaning of MODE. + (pininfo_t): Rename from iso7816_pininfo_t. + * scd/sc-copykeys.c: Include "iso7816.h". + * scd/scdaemon.c, scd/command.c: Likewise. 
+ * scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h". + (ccid_transceive_secure): Follow the change of PININFO_T. + * scd/app.c: Include "apdu.h" after "iso7816.h". + * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp) + (iso7816_change_reference_data_kp): Follow the change of API. + * scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD, + KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T. + (check_pcsc_keypad, check_ccid_keypad): Likewise. + (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise. + (pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu) + (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu) + (send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu) + (send_le): Follow the change of API. + * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify) + (apdu_keypad_modify): Change the API. + * scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the + change. + + SCD: Clean up. Remove PADLEN for keypad input. + + commit ca89277cb4cb9558da97a71a4cb070cb77c9b536 + * scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s. + (struct reader_table_s): Remove last arg from check_keypad method. + (check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN. + (pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN. + (send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN. + (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): + Likewise. + + * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify) + (apdu_keypad_modify): Remove PIN_PADLEN. + + * scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN. + + * scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN. + + * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp) + (iso7816_change_reference_data_kp): Remove PADLEN. + + * scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR. + + SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD. 
+ + commit d9f6cc7502793ed41928042cc2f968c8c7effc22 + * scd/scdaemon.h (opt): Add enable_keypad_varlen. + * scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen. + (opts, main): Add oEnableKeypadVarlen. + * scd/ccid-driver.c (GEMPC_PINPAD): New. + (ccid_transceive_secure): Add enable_varlen handling. + Enable GEMPC_PINPAD. + +2013-01-30 Werner Koch <wk@gnupg.org> + + Remove unused status codes. + + commit 50a7badbdacac8ba472b35090c1aab4568434d04 + * common/status.h (STATUS_BEGIN_STREAM, STATUS_END_STREAM) + (STATUS_SIEXPIRED): Remove unused codes. + + gpg: Add status line PINENTRY_LAUNCHED. + + commit 1cd6445eec4c3642ad92afb02f3563a01cc10c10 + * common/status.h (STATUS_PINENTRY_LAUNCHED): New. + * g10/server.c (server_local_s): Add field allow_pinentry_notify. + (option_handler): Add option "allow-pinentry-notify". + (gpg_proxy_pinentry_notify): New. + * g10/call-agent.c (default_inq_cb): Factor code out to the new + function. + +2013-01-25 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix a bug of handling return code from npth_join. + + commit 19994466449a93704d38d429ca1ea36f63da0bf0 + * agent/call-pinentry.c (agent_popup_message_stop): Fix npth_join + return code. + +2013-01-11 Christian Aistleitner <christian@quelltextlich.at> + + gpg: Fix honoring --cert-digest-algo when recreating a cert. + + commit 60c58766aeb847b769372fa981f79abac6014500 + * g10/sign.c (update_keysig_packet): Override original signature's + digest algo in hashed data and for hash computation. + +2013-01-11 Werner Koch <wk@gnupg.org> + + Fix spurious cruft from configure summary output. + + commit 7a638c094fa1aa7ed1d9caf085af9980a2664d64 + * configure.ac (build_scdaemon_extra): Remove $tmp cruft. + +2013-01-11 NIIBE Yutaka <gniibe@fsij.org> + + SCD: Hold lock for pinpad input. + + commit 4dddf32c83f52483d95d7770232e9e808558e702 + * scd/apdu.c (apdu_check_keypad, apdu_keypad_verify) + (apdu_keypad_modify): Hold lock to serialize communication. 
+ +2013-01-08 Werner Koch <wk@gnupg.org> + + kbx: Switch from MD5 to SHA-1 for the checksum. + + commit b11f84b858bad867f1062977a7aba30299157e90 + * kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes. + (create_blob_finish): Write just the needed space. + (create_blob_finish): Switch to SHA-1. + * kbx/keybox-dump.c (print_checksum): New. + (_keybox_dump_blob): Print the checksum and the verification status. + + gpg: Cache keybox searches. + + commit 492792378dc7a79316ef742b2ffaa46c6cda282a + * common/iobuf.c (iobuf_seek): Fix for temp streams. + * g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls. + * g10/keydb.c (dump_search_desc): New. + (enum_keyblock_states, struct keyblock_cache): New. + (keyblock_cache_clear): New. + (keydb_get_keyblock, keydb_search): Implement a keyblock cache. + (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock) + (keydb_rebuild_caches, keydb_search_reset): Clear the cache. + + Make log_clock easier to read. + + commit 5c565512b8af73bee2a176530663154b9277ef1c + * common/logging.c (log_clock): Print in microseconds. + + gpg: Remove a function wrapper. + + commit f3f5721e6843a08d1011875400f385b8cd5fe226 + * g10/keydb.h (keydb_search): Remove macro. + * g10/keydb.c (keydb_search2): Rename to keydb_search. Change all + callers. + +2013-01-08 NIIBE Yutaka <gniibe@fsij.org> + + SCD: Support not-so-smart card readers. + + commit a776f660363d20b6cc023609c4547e0aa8825d97 + * scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage, + auto_param, and auto_pps. + (parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps. + Support non-autoconf readers. + (update_param_by_atr): New. + (ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported. + Use 0x10 when nonnull_nad for SetParameters. + Call update_param_by_atr for parsing ATR, and use param for + SetParameters. + Send PPS if reader requires it and card is negotiable. 
+ When bNadValue in the return values of SetParameters == 0, + clear handle->nonnull_nad flag. + +2013-01-07 Werner Koch <wk@gnupg.org> + + gpg: Set the node flags while retrieving a keyblock. + + commit f6d7b3f1ee5eed32bc3257c99cb878091d26c482 + * g10/keydb.c (parse_keyblock_image): Add args PK_NO and UID_NO and + set the note flags accordingly. + (keydb_get_keyblock): Transfer PK_NO and UID_NO to parse_keyblock_image. + * kbx/keybox-search.c (blob_cmp_fpr, blob_cmp_fpr_part) + (blob_cmp_name, blob_cmp_mail): Return the key/user number. + (keybox_search): Set the key and user number into the found struct. + (keybox_get_keyblock): Add args R_PK_NO and R_UID_NO and set them from + the found struct. + + New function log_clock. + + commit 0baedfd25a4bdc6c8e7aefbd67006b063e2dc33f + * common/logging.c (log_clock): New. + * g10/gpg.c (set_debug): Print clock debug flag. + * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New. + + gpg: Allow searching for user ids in a keybox. + + commit fb31462e7e92d4b19256e6fd40b1b6ffcef2676c + * kbx/keybox-search.c (blob_cmp_name): Add arg X509 and adjust for PGP + use. Change callers. + (blob_cmp_mail): Add arg X509 and find the mailbox offset for PGP. + Chnage callers. + (has_subject_or_alt): Rename to has_username. + (has_username): Allow blobtype PGP. + (has_mail): Ditto. + + gpg: Allow generation of more than 4096 keys in one run. + + commit 7d00e52bd58d9e40c18dcc0122b2c236ef3318f5 + * g10/getkey.c (cache_public_key): Make room in the cache if needed. + +2013-01-07 NIIBE Yutaka <gniibe@fsij.org> + + Update Japanese Translation. + + commit bb51edc31e6595e38fcbd91d470de57d3a1a7150 + * po/ja.po: Fix wrong translations for designated revocation. + Reported by Hideki Saito. + + Conflicts: + po/ja.po + +2013-01-05 NIIBE Yutaka <gniibe@fsij.org> + + Update Japanese Translation. + + commit 05a4458e5721a0afd600f0ec908e739fa83d58f2 + * po/ja.po: Fix fuzzy translations. 
+ +2013-01-03 NIIBE Yutaka <gniibe@fsij.org> + + Update Japanese Translation. + + commit 709a8f8125b9ba5e1ad1e6268cca5ac96d478f63 + * po/ja.po: Update with POT. + + Update Japanese Translation. + + commit 0fae789c4125dd8492ed25bd6728b5ac98f19729 + * po/ja.po: Start from the new one of 2.0. + +2012-12-28 Werner Koch <wk@gnupg.org> + + gpg: Add signature cache support to the keybox. + + commit 79f08fb0699f4a065e3a29bc7676a90534d7ba60 + * g10/keydb.c (parse_keyblock_image): Add arg SIGSTATUS. + (keydb_get_keyblock): Handle it. + (build_keyblock_image): Add arg SIGSTATUS. + (keydb_insert_keyblock): Handle it. + * kbx/keybox-blob.c (pgp_create_sig_part): Add arg SIGSTATUS. + (_keybox_create_openpgp_blob): Ditto. + * kbx/kbxutil.c (import_openpgp): Adjust for above change. + * kbx/keybox.h (KEYBOX_FLAG_SIG_INFO): New. + * kbx/keybox-search.c (_keybox_get_flag_location): Handle new flag. + (keybox_get_keyblock): Add arg R_SIGSTATUS. + * kbx/keybox-update.c (keybox_insert_keyblock): Add arg SIGSTATUS. + + kbxutil: Improve format of the Sig-Expire lines. + + commit 564d10ea5cd29685a00a4096d69ae2476b60506f + * kbx/keybox-dump.c (_keybox_dump_blob): Print the expirate timestamp. + + gpg: First working support for keyboxes. + + commit a9863834244fc2a58d8950977243702d12e420a1 + * g10/getkey.c (get_pubkey_fast): Improve the assertion. + * kbx/keybox.h: Include iobuf.h. + * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF. + (KEYBOX_WITH_OPENPGP): Remove use of this macro. + (pgp_create_key_part_single): New. + (pgp_temp_store_kid): Change to use the keybox-openpgp parser. + (pgp_create_key_part): Ditto. + (pgp_create_uid_part): Ditto. + (pgp_create_sig_part): Ditto. + (pgp_create_blob_keyblock): Ditto. + (_keybox_create_openpgp_blob): Ditto. + * kbx/keybox-search.c (keybox_get_keyblock): New. + * kbx/keybox-update.c (keybox_insert_keyblock): New. + * g10/keydb.c (parse_keyblock_image): + (keydb_get_keyblock): Support keybox. + (build_keyblock_image): New. 
+ (keydb_insert_keyblock): Support keybox. + + * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print + a kbx file to stdout. + + * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6 + bytes. + + kbxutil: Print algo number and fold similar lines. + + commit f7495f1004071a0ceac394007bb37f88d7a3467f + * kbx/keybox-defs.h (_keybox_openpgp_key_info): Add field ALGO. + * kbx/keybox-openpgp.c (parse_key): Store algo. + * kbx/kbxutil.c (dump_openpgp_key): Print algo number. + * kbx/keybox-dump.c (_keybox_dump_blob): Print identical Sig-Expire + value lines with a range of indices. + +2012-12-27 Werner Koch <wk@gnupg.org> + + gpg: First patches to support a keybox storage backend. + + commit 91e61d52539b1808e209c43e51465c76cebb06f9 + * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to .. + * kbx/keybox.h: here. + * kbx/keybox-init.c (keybox_lock): Add dummy function + * g10/keydb.c: Include keybox.h. + (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX. + (struct resource_item): Add field kb. + (maybe_create_keyring_or_box): Add error descriptions to diagnostics. + Add arg IS_BOX. Write a header for a new keybox file. + (keydb_add_resource): No more need for the force flag. Rename the + local variable "force" to "create". Add URL scheme "gnupg-kbx". Add + magic test to detect a keybox file. Add basic support for keybox. + (keydb_new, keydb_get_resource_name, keydb_delete_keyblock) + (keydb_locate_writable, keydb_search_reset, keydb_search2): Add + support for keybox. + (lock_all, unlock_all): Ditto. + * g10/Makefile.am (needed_libs): Add libkeybox.a. + (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround. + + * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY) + KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New. + * g10/gpg.c, g10/gpgv.c (main): Use new constants. + +2012-12-20 Werner Koch <wk@gnupg.org> + + gpg: Import only packets which are allowed in a keyblock. 
+ + commit f0b33b6fb8e0586e9584a7a409dcc31263776a67 + * g10/import.c (valid_keyblock_packet): New. + (read_block): Store only valid packets. + +2012-12-19 Werner Koch <wk@gnupg.org> + + gpg: Make commit 2b3cb2ee actually work. + + commit d61f7402f2b0f6dd288e403ed9408fd65e617f85 + * g10/sign.c (update_keysig_packet): Use digest_algo. + + (cherry-picked from commit d23ec86095714d388acac14b515445fe69f019e9) + + gpg: Suppress "public key already present" in quiet mode. + + commit 8325d616593187ff227853de0295e3269b96edcb + * g10/pkclist.c (find_and_check_key, build_pk_list): Print a + diagnostic only in non-quiet mode. + +2012-12-18 Werner Koch <wk@gnupg.org> + + common: Add meta option ignore-invalid-option. + + commit 41d564333d35c923f473aa90625d91f8fe18cd0b + * common/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New. + (initialize): Init field IIO_LIST. + (ignore_invalid_option_p): New. + (ignore_invalid_option_add): New. + (ignore_invalid_option_clear): New. + (optfile_parse): Implement meta option. + +2012-12-13 Werner Koch <wk@gnupg.org> + Hans of Guardian <hans@guardianproject.info> + + utf8conv.c: Add hacks for Android. + + commit 6177fb3c87f485fb654bbba492d04508755718b3 + * common/utf8conv.c [HAVE_ANDROID_SYSTEM]: Do not include iconv.h. + (iconv_open, iconv_close, load_libiconv) [HAVE_ANDROID_SYSTEM]: New + dummy functions. + (set_native_charset) [HAVE_ANDROID_SYSTEM]: Force use of "utf-8". + (jnlib_iconv_open) [HAVE_ANDROID_SYSTEM]: Act the same as under W32. + (jnlib_iconv) [HAVE_ANDROID_SYSTEM]: Ditto. + (jnlib_iconv_close) [HAVE_ANDROID_SYSTEM]: Ditto. + +2012-12-13 NIIBE Yutaka <gniibe@fsij.org> + + SCD: Fix the process of writing key or generating key. + + commit e7dca3e83ebd6df0a7ea55e97c3cd6e91be90af5 + * scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME. + +2012-12-12 Werner Koch <wk@gnupg.org> + + ssh: Support ECDSA keys. + + commit 649b31c663b8674bc874b4ef283d714a13dc8cfe + * agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New. 
+ (struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO. + (ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}. + (ssh_signature_encoder_t): Add arg spec and adjust all callers. + (ssh_signature_encoder_ecdsa): New. + (sexp_key_construct, sexp_key_extract, ssh_receive_key) + (ssh_convert_key_to_blob): Support ecdsa. + (ssh_identifier_from_curve_name): New. + (ssh_send_key_public): Retrieve and pass the curve_name. + (key_secret_to_public): Ditto. + (data_sign): Add arg SPEC and change callers to pass it. + (ssh_handler_sign_request): Get the hash algo from SPEC. + * common/ssh-utils.c (get_fingerprint): Support ecdsa. + + * agent/protect.c (protect_info): Add flag ECC_HACK. + (agent_protect): Allow the use of the "curve" parameter. + * agent/t-protect.c (test_agent_protect): Add a test case for ecdsa. + + * agent/command-ssh.c (ssh_key_grip): Print a better error code. + +2012-12-11 Werner Koch <wk@gnupg.org> + + ssh: Rewrite a function for better maintainability. + + commit f76a0312c3794afd81fe1e172df15eb0612deae0 + * agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite. + +2012-12-10 Werner Koch <wk@gnupg.org> + + ssh: Improve key lookup for many keys. + + commit d2777f84be0ded5906a9bec3bc23cfed0a9be02f + * agent/command-ssh.c: Remove dirent.h. + (control_file_s): Add struct item. + (rewind_control_file): New. + (search_control_file): Factor code out to ... + (read_control_file_item): New. + (ssh_handler_request_identities): Change to iterate over entries in + sshcontrol. + + ssh: Cleanup sshcontrol file access code. + + commit 25fb53ab4ae7e1c098500229c776d29b82713a20 + * agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace + the direct use of the string. + (struct control_file_s, control_file_t): New. + (open_control_file, close_control_file): New. Use them instead of + using fopen/fclose directly. 
+ + agent: Add envvar "gnupg_SSH_AUTH_SOCK_by" + + commit 36ba7845995dd3caf8faeec3e09b3ffb879fc29b + * agent/gpg-agent.c (main): Pass new envar gnupg_SSH_AUTH_SOCK_by to + an invoked process. + + config: Update npth.m4. + + commit ceab60b59d907354d323ace09d7b3f2d36d330fb + * m4/npth.m4: Take from current npth master. + +2012-12-04 NIIBE Yutaka <gniibe@fsij.org> + + Revert SCD changes of 2010-05-03. + + commit 1e1326aeb8923782138e133f091afec41d969c40 + * scd/apdu.c (pcsc_no_service): Remove. + (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove + pcsc_no_service support. + (apdu_open_reader): Remove R_NO_SERVICE. + * scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE. + * scd/command.c (reader_disabled): Remove. + (get_current_reader): Follow the change of R_NO_SERVICE. + (open_card, cmd_serialno, scd_command_handler): Remove reader_disabled + support. + * scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE. + + Don't keep opening unavailable card reader. + + commit baf7b09e124f9eb4ca4b8ee02474ee7710a95a40 + * scd/command.c (update_reader_status_file): Don't call + get_current_reader. + +2012-11-30 David Shaw <dshaw@jabberwocky.com> + + Refresh sample keys. + + commit b8eb2ab56971a309353ae2682bc6ef1357e9ac53 + + + Adjust awk to not add trailing whitespace. + + commit 3f8ad564674431b4c0c6cff259f02248c80a6ef9 + * mksamplekeys: Tweak awk script to not add trailing whitespace to + blank lines (makes git pre-commit hook unhappy) + +2012-11-29 David Shaw <dshaw@jabberwocky.com> + + The keyserver search menu should honor --keyid-format. + + commit 7602d9e3edda99b0b65ba928eef435dab04ecd09 + * keyserver.c (print_keyrec): Honor --keyid-format when getting back + full fingerprints from the keyserver (the comment in the code was + correct, the code was not). + +2012-11-27 Werner Koch <wk@gnupg.org> + + Fix printing of ECC algo names in hkp keyserver listings. 
+ + commit 3d2da6c82163ffbc2e827abc4144dc3197ed53db + * g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids. + +2012-11-26 Ben Kibbey <bjk@luxsci.net> + + Check for inet_addr() in -lnsl. + + commit 66331e138ec17e176cc3f45bb095820866d5358c + * configure.ac: Check for inet_addr() in libnsl. + +2012-11-20 Werner Koch <wk@gnupg.org> + + Do not use a broken ttyname. + + commit 835698b72bc509565aad52b0753f1c56c1a8f062 + * configure.ac (HAVE_BROKEN_TTYNAME): New ac_define set for Android + systems. + * common/util.h (gnupg_ttyname): New macro. Change all callers of + ttyname to use this macro instead. + (ttyname) [W32]: Rename to _gnupg_ttyname and use also if + HAVE_BROKEN_TTYNAME is defined. + * common/simple-pwquery.c (agent_send_all_options): Keep on using + ttyname unless HAVE_BROKEN_TTYNAME is set. This is because this file + may be used standalone. + +2012-11-16 Werner Koch <wk@gnupg.org> + + Fix non-portable use of chmod in autogen.sh. + + commit e7bc5012c568da9ceb0a80a8f3fe3edf3dac9564 + * autogen.sh: Remove option -c from chmod. + + Improve parsing of the GIT revision number. + + commit 011faa0c68cf0c628ef581193166e9ac9bf22b71 + * configure.ac (mmm4_revision): Use git rev-parse. + + Add an OpenPGP card vendor. + + commit ac775780fef3ef63f896e822add9ff6ea7e5119c + * g10/card-util.c (get_manufacturer): Add Yubico. + +2012-11-06 Werner Koch <wk@gnupg.org> + + agent: Use wipememory instead of memset in one place. + + commit 9f0e9ea80ca30269770eb955e33b54401bff917f + * agent/command.c (clear_outbuf): Use wipememory. Suggested by Ben + Kibbey. + + Allow decryption with card keys > 3072 bits. + + commit 905b6a36d3ca21b2f619721e1de892398e5eb759 + * scd/command.c (MAXLEN_SETDATA): New. + (cmd_setdata): Add option --append. + * agent/call-scd.c (agent_card_pkdecrypt): Use new option for long + data. + + * scd/app-openpgp.c (struct app_local_s): Add field manufacturer. + (app_select_openpgp): Store manufacturer. + (do_decipher): Print a note for broken cards. 
+ +2012-11-02 NIIBE Yutaka <gniibe@fsij.org> + + agent: Fix wrong use of gcry_sexp_build_array. + + commit 8f8c29d24ca13f987e6c118702b428a2051b7072 + * findkey.c (agent_public_key_from_file): Fix use of + gcry_sexp_build_array. + +2012-10-31 NIIBE Yutaka <gniibe@fsij.org> + + SCD: Upon error, open_pcsc_reader_wrapped does same as _direct. + + commit 8df89f3e9cf0255f11011c2f1df0d419a5c23a8c + * scd/apdu.c (PCSC_E_NO_SERVICE): New. + (open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE. + (open_pcsc_reader_wrapped): Set pcsc_no_service. + +2012-08-24 Werner Koch <wk@gnupg.org> + + Update and enable French translation. + + commit 76055d49d1c8b8e4f6245e6729cae81b1eaecbf6 + * po/fr.po: Update. + * po/LINGUAS: Enable fr. + +2012-08-24 David Prévot <taffit@debian.org> + + Fix typos spotted during translations. + + commit ba591e2f14c0d85ba15346ffd04b9e7d72ec89dc + * agent/genkey.c: s/to to/to/ + * sm/*.c: s/failed to allocated/failed to allocate/ + * sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/ + * g10/seskey.c: missing closing parenthesis + * dirmngr/crlcache.c: s/may has/may have/ + + Consistency fix: + + * g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax + * dirmngr/dirmngr_ldap: no period in Syntax + * dirmngr/dirmngr-client.c: infinitive for option description: + s/certificates are expected/expect certificates/ + + Keep previous msgids of translated messages. + + commit bf95408fc33709d154cd41566d33af3ec3c48886 + * po/Makefile.in.in: Use --previous with msgmerge. + +2012-08-24 Hans-Christoph Steiner <hans@eds.org> + + Fix build system for Android by disabling tests since its x-compiled. + + commit 1da04bfb3f5714a0fa6d0b779d0d2ae4e9544b8f + * configure.ac (HAVE_ANDROID_SYSTEM, RUN_TESTS): New. + (AH_BOTTOM) [__ANDROID__]: Do not re-define ttyname. + * Makefile.am: Depend tests on new RUN_TESTS conditional. + +2012-08-24 Werner Koch <wk@gnupg.org> + + Fix left over use of jnlib on some platforms. 
+ + commit 8156a38674421deef6c2eb3e91e0186fe7fe4b26 + * tools/watchgnupg.c: Take mischelp.h from common/ and not jnlib/. + +2012-06-25 NIIBE Yutaka <gniibe@fsij.org> + + scd: handle reader/token removal. + + commit ca8eec8e28abb8473d02dbaf8d61cfb1094c5c50 + * scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means + SW_HOST_NO_READER. + +2012-06-05 Werner Koch <wk@gnupg.org> + + Change all quotes in strings and comments to the new GNU standard. + + commit 096e7457ec636bcfcf128678660eb2f2e19f113a + The asymmetric quotes used by GNU in the past (`...') don't render + nicely on modern systems. We now use two \x27 characters ('...'). + + The proper solution would be to use the correct Unicode symmetric + quotes here. However this has the disadvantage that the system + requires Unicode support. We don't want that today. If Unicode is + available a generated po file can be used to output proper quotes. A + simple sed script like the one used for en@quote is sufficient to + change them. + + The changes have been done by applying + + sed -i "s/\`\([^'\`]*\)'/'\1'/g" + + to most files and fixing obvious problems by hand. The msgid strings in + the po files were fixed with a similar command. + +2012-05-24 Werner Koch <wk@gnupg.org> + + Print the hash algorithm in colon mode key listing. + + commit fc00d3fcb201476b3495f47138fa35b71c52f403 + * g10/keylist.c (list_keyblock_colon): Print digest_algo. + + Fix type conflict warning. + + commit f8a8c71c41bc1893df8af6ce522876ccbf6240a9 + * g10/keylist.c: Change min_cert_level to a byte. + +2012-05-11 Werner Koch <wk@gnupg.org> + + Switch to the new automagic beta numbering scheme. + + commit 68777b40dcf215305a325185f6bd9cfd6dcc0542 + * configure.ac: Add all the require m4 magic. + +2012-05-08 Werner Koch <wk@gnupg.org> + + Add tweaks for the not anymore patented IDEA algorithm. + + commit b4d9f8dbc8e074cd91bbd3e2e54e2b77c9268d1a + * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 + compatibility mode. 
+ * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. + * common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this + status anymore. + + po: Update de.po. + + commit 59b77f9ea7dfa4d5c74573d2186c9a3e129ab3bf + * po/de.po: Update. + + common: Remove generated files only during maintainer-clean. + + commit d800fa5ce6102e069305f8e1a5d55d18ac3a1993 + * common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES. + +2012-04-30 Werner Koch <wk@gnupg.org> + + agent: Fix deadlock in trustlist due to the switch to npth. + + commit 0f02fba19df16c82ca1ad44a8cb09f952d755598 + * agent/trustlist.c (clear_trusttable): New. + (agent_reload_trustlist): Use new function. + (read_trustfiles): Require to be called with lock held. + (agent_istrusted): Factor all code out to ... + (istrusted_internal): new. Add ALREADY_LOCKED arg. Make sure the + table islocked. Do not print TRUSTLISTFLAG stati if called internally. + (agent_marktrusted): Replace calls to agent_reload_trustlist by + explicit code. + +2012-04-26 NIIBE Yutaka <gniibe@fsij.org> + + make DNS and URI fields work in gpgsm --gen-key. + + commit 8d7522837c6dba3065d24594bcdbe7b99a702cde + * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Actually set mb_uri and + mb_dns.avoid buffer strncpy-induced buffer overrun + +2012-04-26 Jim Meyering <jim@meyering.net> + + avoid buffer strncpy-induced buffer overrun. + + commit 20c9ac4df34e25f7085bb4e4ab5ea7223932f5c4 + * dirmngr/crlcache.c (open_dir): Ensure that both this_update + and next_update member strings are NUL-terminated. + + remove doubled words in a comment. + + commit 6e3882785a629b361c57c8b9d5cad51fb234ac23 + + +2012-04-20 Werner Koch <wk@gnupg.org> + + Change license for some files in common to LGPLv3+/GPLv2+. + + commit 37df3d5f593f76ddbf1b9dc6de0173b7bb85c0ad + Having the LGPL on the common GnuPG code helps to share code + between GnuPG and related projects (like GPGME and Libassuan). This + is good for interoperability and to reduces bugs. 
+ + * common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c + * common/b64enc.c, common/convert.c, common/dns-cert.c + * common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c + * common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c + * common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c + * common/helpfile.c, common/homedir.c, common/http.c, common/http.h + * common/i18n.c, common/init.c, common/init.h, common/iobuf.c + * common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h + * common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h + * common/percent.c, common/pka.c, common/pka.h, common/session-env.c + * common/session-env.h, common/sexp-parse.h, common/sexputil.c + * common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c + * common/ssh-utils.h, common/sysutils.c, common/sysutils.h + * common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h + * common/userids.c, common/userids.h, common/xasprintf.c: Change + license to LGPLv3+/GPLv2+/ + +2012-04-10 Ben Kibbey <bjk@luxsci.net> + + Fix killing PID -1. + + commit bee0ac28c9c8027540ae56900b9f85e0bd555f1d + When the KILLSCD command had been sent a race condition would occur + causing PID -1 getting killed, which on Linux seems to terminate all + applications for the current user. + +2012-04-05 Werner Koch <wk@gnupg.org> + + Do not mix test result with progress lines. + + commit f1e1387bee286c7434f0462185048872bcdb4484 + This makes parsing of the results easier. Fixes bug#1400. + + * tests/openpgp/defs.inc (progress_cancel, progress_end) + (progress_new): New. + * tests/openpgp/conventional-mdc.test: Use progress functions + * tests/openpgp/conventional.test: Ditto. + * tests/openpgp/encrypt-dsa.test: Ditto. + * tests/openpgp/encrypt.test: Ditto. + * tests/openpgp/sigs.test: Ditto. + +2012-04-04 Ben Kibbey <bjk@luxsci.net> + + Mention status messages in the documentation. 
+ + commit 99fc61f1cf09c7f72a9037d91d3cf0cd2e035ae6 + Note INQUIRE_MAXLEN. + + Document PASSWD --preset. + + commit a577f06c4aecc0af5b492e15812e9150c747cbe4 + + + Document GENKEY options. + + commit 108e8f622ef9cfa256707debec1d379ce3cf21ca + + + Document PRESET_PASSPHRASE. + + commit 96e107fc29db625b247022ae1bf2cbe90b939c5d + + + Document CLEAR_PASSPHRASE. + + commit 26b59d78c43d72fa28609fb2c0d80fb377393127 + And describe the --mode=normal option. + +2012-03-27 Werner Koch <wk@gnupg.org> + + Fix timegm regression test. + + commit 17499e761e8cd0fe867b5b5f3e42a71b6d45f954 + * common/t-timestuff.c (test_timegm): Change test to use January and + not February or December+1. Bug spotted by Daniel Kahn Gillmor. + + Print warning for arguments not considered an option. + + commit de01c51ecb3918f427aa76281351749c8ad07ed6 + GnuPG requires that options are given before other arguments. This + can sometimes be confusing. We now print a warning if we found an + argument looking alike a long option without being preceded by the + stop option. This is bug#1343. + + * common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New. + * common/argparse.c (arg_parse): Set new flag. + * g10/gpg.c (main): Print the warning. + * agent/gpg-agent.c (main): Ditto. + * dirmngr/dirmngr.c (main): Ditto. + * g13/g13.c (main): Ditto. + * scd/scdaemon.c (main): Ditto. + * sm/gpgsm.c (main): Ditto. + * tools/gpg-connect-agent.c (main): Ditto. + * tools/gpgconf.c (main): Ditto. + +2012-03-26 Werner Koch <wk@gnupg.org> + + Allow compress algorithm 0. + + commit 7ddbcb6b6ab8b26c8e609fcd95c2c8a89bc20a7d + * g10/mainproc.c (proc_compressed): Remove superfluous check for + compress algorithm 0. Reported by pfandrade. This is bug#1326. + + Add mksamplekeys script. + + commit 7441e622ffb3296686bd0d7f04b4051466aaad38 + * doc/mksamplekeys: New. + +2012-02-28 Marcus Brinkmann <mb@g10code.com> + + Replace npth_yield in busy wait by npth_usleep. 
+ + commit 8f8c6594147608b1021c16fc3561feb96da5d55a + * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): Call + npth_usleep instead of npth_yield. + +2012-02-16 Marcus Brinkmann <mb@g10code.com> + + Check for lber and link dirmngr_ldap to it. + + commit 76ff42ef8d1232dd36bf48c1020b0b9b2afb1c7d + * configure.ac (LBER_LIBS, HAVE_LBER): New variables, check for lber. + * dirmngr/Makefile.am (dirmngr_lda_LDADD): Add $(LBER_LIBS). + +2012-02-07 Werner Koch <wk@gnupg.org> + + agent: Add pin length field to the shadowed private key format. + + commit b817ae7df947093384a25797999a9aa187e20f9c + This is not yet fully implemented. It will eventually allow to + support pinpad equipped readers which do not support variable length + pin lengths. + * agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and + parse pinlen info. Change all callers to pass NULL for it. + + Use new status printing functions. + + commit 12ea5c904c0008a2adec2e8bbe45dac629548e7d + * agent/command.c (cmd_geteventcounter): Get rid of static buffers. + * scd/command.c (cmd_serialno, cmd_learn): Simplify by using + print_assuan_status. + + agent: New function agent_print_status. + + commit e78585cd0f553d92f332e33810ab636758bc88a2 + * common/asshelp2.c (vprint_assuan_status): New. + (print_assuan_status): Re-implement using above func. + * agent/command.c (agent_print_status): New. + + po: Add Ukrainian translation. + + commit 8d8d740bfd73d8764a03220c0b0c949e03fea351 + * po/uk.po: New. + + common: Replace macro based function calls by using DEFAULT_ERRSOURCE. + + commit 13ec74481ce0137f7a60b3256cc4840073c77efa + * common/dns-cert.h (get_dns_cert): Remove macro. + * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace + arg ERRSOURCE by global DEFAULT_ERRSOURCE. + * common/http.h (http_parse_uri, http_raw_connect, http_open) + (http_open_document, http_wait_response): Remove macros. 
+ * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) + (_http_open_document, _http_wait_response): Remove underscore from + symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. + * common/ssh-utils.h (ssh_get_fingerprint) + (ssh_get_fingerprint_string): Remove macros. + * common/ssh-utils.h (_ssh_get_fingerprint) + (_ssh_get_fingerprint_string): Remove underscore from symbols. + Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. + * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. + * common/tlv.c: Include util.h. + (_parse_ber_header, _parse_sexp): Remove underscore from symbols. + Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. + +2012-02-06 Werner Koch <wk@gnupg.org> + + Add replacement hack for Android's broken ttyname. + + commit 115a6ed55d1f6be33f66de6734359fa590ca3749 + * configure.ac (HAVE_TTYNAME) [__ANDROID__]: Add hack. + + agent: Simplify printing of INQUIRE_MAXLEN. + + commit 7981cdd1345d51fd917b2375691ead60c24db2cd + * agent/command.c: Include asshelp.h. + (cmd_pkdecrypt, cmd_genkey, cmd_preset_passphrase) + (pinentry_loopback): Use print_assuan_status for INQUIRE_MAXLEN. + + common: Add function print_assuan_status. + + commit 1a0df8506050448f16c63666850e3ae6d94a971b + * common/asshelp2.c: New. + (print_assuan_status): New function. + * common/Makefile.am (common_sources): Add asshelp2.c. + + common: Add a global variable to for the default error source. + + commit eb0faef81dae2cba1f62056fdc4dc2a7d58ac86a + For the shared code parts it is cumbersome to pass an error sourse + variable to each function. Its value is always a constant for a given + binary and thus a global variable makes things a lot easier than the + former macro stuff. + * common/init.c (default_errsource): New global var. + (init_common_subsystems): Rename to _init_common_subsystems. Set + DEFAULT_ERRSOURCE. + * common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT. + (init_common_subsystems): New macro. 
+ * common/util.h (default_errsource): Add declaration. + * kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery. + +2012-02-03 Ben Kibbey <bjk@luxsci.net> + + Also let GENKEY and PKDECRYPT send the INQUIRE_MAXLEN status message. + + commit ecda65498ac60dfde50fbbc71cd0cc321d7175a9 + * agent/command.c (cmd_pkdecrypt): Send the INQUIRE_MAXLEN status + message before doing the inquire. + (cmd_genkey): Ditto. + +2012-02-02 Ben Kibbey <bjk@luxsci.net> + + Inform the client of the preset passphrase length. + + commit 3f7788f2e035eb939abb27b3a53854ec0fc6178c + * agent/command.c (cmd_preset_passphrase): Send the INQUIRE_MAXLEN + status message before inquiring the passphrase. + +2012-02-01 David Shaw <dshaw@jabberwocky.com> + + Honor --cert-digest-algo when recreating a cert. + + commit 2b3cb2ee94625498e7a7f939216c9bcddef6ec20 + * g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when + recreating a cert. + + This is used by various things in --edit-key like setpref, primary, + etc. Suggested by Christian Aistleitner. + +2012-01-27 Werner Koch <wk@gnupg.org> + + gl: Add support for Android to stdint.h replacement. + + commit bdde44ae8d4709e33c09781c3d37a5da2c7a5e0d + * gl/stdint_.h: When included from Bionic <sys/types.h>, just include + the system's <stdint.h>. + + gpg-connect-tool: Take the string "true" as a true condition. + + commit 2871422d9a889cb632f59efda4d9cd170fc9fca7 + * tools/gpg-connect-agent.c (main): Handle strings "true" and "yes" in + conditions as expected. + +2012-01-26 Ben Kibbey <bjk@luxsci.net> + + Return GPG_ERR_CARD_NOT_PRESENT when pinentry-mode=loopback. + + commit cf748e8736b984194345bfd74887b35d3d23fa37 + Since there isn't a way to prompt the user to insert the smartcard when + pinentry-mode=loopback, return GPG_ERR_CARD_NOT_PRESENT instead of + GPG_ERR_NO_PIN_ENTRY. + + * agent/divert-scd.c (ask_for_card): Return GPG_ERR_CARD_NOT_PRESENT + when pinentry-mode=loopback. + + Also check for GPG_ERR_ASS_CANCELED during an inquire. 
+ + commit 3da10eefcb09a520f11e4fae7f59a33f80ffba69 + Fix pinentry-mode=loopback when cancelling an inquire from scdaemon. + This is similar to commit 4f21f8d but for both protocol command + cancellation and pinentry cancellation. + + * agent/call-scd.c (agent_card_pkdecrypt): Check for + GPG_ERR_ASS_CANCELED. + (agent_card_pksign): Ditto. + +2012-01-25 Werner Koch <wk@gnupg.org> + + nPth is now a hard requirement for GnuPG. + + commit 001352077cdc7e402421c77328bea1a052005673 + * configure.ac: Remove cruft to allow building without npth. + + Require libassuan 2.1.0. + + commit c254d0f0d13a54777a62dad8f78a8f287d6ae565 + * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.1.0. This is due to + the npth changes. + + Fix strerror vs. gpg_strerror usage. + + commit 2be7818c6d916a69ffdf88cce32960949a56e893 + This bug was introduced by the migration to npth. + * agent/gpg-agent.c (handle_connections): Use strerror. + + Add missing variable. + + commit a55d2e16f1090264338dc3ad0b2afca28db27c09 + * agent/gpg-agent.c (handle_connections) [!W32]: Add missing variable. + +2012-01-25 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + Port LDAP wrapper to NPTH. + + commit 4074f966276be10a794fd63a7f443b9d974d3982 + * agent/gpg-agent.c (handle_connections): Handle error. + * dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c: Port to NPTH. + + Port Windows code to NPTH. + + commit ccbb4c3652ee72386b8889358b829e256e1ebcda + * agent/gpg-agent.c (get_agent_ssh_socket_name): Use + INVALID_HANDLE_VALUE instead of 0. + (handle_signal) [!HAVE_W32_SYSTEM]: Don't define. + (handle_connections): Port Windows code to NPTH. + * dirmngr/dirmngr.c (handle_connections): Port Windows code to NPTH. + * g13/g13.c (handle_connections): Port Windows code to NPTH. + * scd/scdaemon.c (handle_connections): Port Windows code to NPTH. + + Port to npth. + + commit 7a7a59782766a8bde0c3e7156d14bb2b0e4a3951 + * configure.ac: Don't check for PTH but for NPTH. + (AH_BOTTOM): Remove PTH_SYSCALL_SOFT. 
+ (have_pth): Rename to ... + (have_npth): ... this. + (USE_GNU_NPTH): Rename to ... + (USE_GNU_PTH): ... this. + * m4/npth.m4: New file. + * agent/Makefile.am, agent/cache.c, agent/call-pinentry.c, + agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c, + agent/trustlist.c, common/Makefile.am, common/estream.c, + common/exechelp-posix.c, common/exechelp-w32.c, + common/exechelp-w32ce.c, common/http.c, common/init.c, + common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c, + dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c, + dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am, + g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am, + scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c, + scd/scdaemon.c, tools/Makefile.am: Port to npth. + +2012-01-25 Werner Koch <wk@gnupg.org> + + Require gitlog-to-changelog to be installed. + + commit 495dc68586356891b82a2d2b6367c4131fd17f08 + * Makefile.am (GITLOG_TO_CHANGELOG): New. + (gen-ChangeLog): Use installed version of gitlog-to-changelog. + +2012-01-20 David Shaw <dshaw@jabberwocky.com> + + Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) + + commit deee8147aab086161c91e6aa6fb41d7148a630f6 + * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level + + * g10/trustdb.c (check_trustdb_stale): Request a rebuild if + pending_check_trustdb is true (set when we detect a trustdb + parameter has changed). + + * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons + listing for min_cert_level not matching. + + * g10/tdbio.c (tdbio_update_version_record, create_version_record, + tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record, + tdbio_write_record): Add a byte for min_cert_level in the tdbio + version record. + +2012-01-20 Werner Koch <wk@gnupg.org> + + estream: Fix unclean usage of realloc. + + commit e97e2ced6cf3ee295a3cc9f8968969a1910380ea + * common/estream-printf.c (_ESTREAM_PRINTF_MALLOC): Remove. 
+ (_ESTREAM_PRINTF_FREE): Remove. + (_ESTREAM_PRINTF_REALLOC): New. + (fixed_realloc) [!_ESTREAM_PRINTF_REALLOC]): New. + (estream_vasprintf): Use my_printf_realloc instead of my_printf_malloc + and my_printf_free. + (dynamic_buffer_out): Use my_printf_realloc instead of realloc. + + Do not copy default merge commit log entries into the ChangeLog. + + commit 7589e43b21c8d80c5a57ecb6eb78dfcd0b5dac46 + * scripts/gitlog-to-changelog: Skip merge commits. + +2012-01-18 Ben Kibbey <bjk@luxsci.net> + + Add the INQUIRE_MAXLEN status message. + + commit ae981dd8f454e2a8bbc6429bed5abc5e87cc83d5 + This status message is used to inform the client of the maximum length + of an inquired passphrase and is used in pinentry-mode=loopback. + + * agent/command.c (pinentry_loopback): Send the INQUIRE_MAXLEN status + message before doing the inquire. + +2012-01-16 Jim Meyering <meyering@redhat.com> + + yat2m: don't dereference pointer to freed memory. + + commit 4402dc3f0a5c5d0f26ed2ae97f9cda9cf4e695fa + * doc/yat2m.c (top_parse_file): Correct macrolist-freeing loop. + + gpg-agent: fix lc-messages handling not to change Xauthority setting. + + commit 37801918cb916ae8c641e003f204dcc70cccb29c + * agent/gpg-agent.c (main): Supply omitted "break" statement for + lc-messages option. Otherwise, control would fall through to the + following oXauthority case and use the same value there. + +2012-01-15 Werner Koch <wk@gnupg.org> + + Fix indentation. + + commit 75a402fc25e4ec9659723dd58306aff3415736f4 + + +2012-01-14 Ben Kibbey <bjk@luxsci.net> + + Fix scdaemon pinentry inquire cancelation. + + commit 4f21f8d6e109eae111d2da91f4c946afda4174e4 + Similar to commit 29af488 but also fixes PKDECRYPT and PKSIGN. + + * agent/call-scd.c (agent_card_pkdecrypt): Check for GPG_ERR_CANCELED + when returning from the PKDECRYPT operation of scdaemon and cancel the + inquire. + (agent_card_pksign): Ditto. + (cancel_inquire): New. + +2012-01-11 Werner Koch <wk@gnupg.org> + + gpg: Fix segv with RSA_S keys. 
+ + commit 30ec869b8c63f1edcc58110ed20b83b0e77248f8 + * g10/misc.c (pubkey_get_npkey, pubkey_get_nskey) + (pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to + GCRY_PK_RSA. + + estream: Avoid printing leading zeroes by %p on 32 bit systems. + + commit b42bc48dfb4b6d4f745eb02d8de4f4dcffdacf48 + * common/estream-printf.c (pr_pointer): Synchronize definition of + AULONG with its use. + +2012-01-11 David Shaw <dshaw@jabberwocky.com> + + Refresh sample keys. + + commit 860861279bc17dd80eecc9631c4ae5d161a335fd + + +2012-01-10 David Shaw <dshaw@jabberwocky.com> + + Adapt HKP fix for fingerprint/long keyid retrievals for dirmngr. + + commit 3f59561cee635c6801e0a59d3abff1c064fcbdbe + * dirmngr/ks-engine-hkp.c (ks_hkp_get): Use the longest valid keyid form + +2012-01-06 Werner Koch <wk@gnupg.org> + + gpg: Make the double space in the middle of a fingerprint optional. + + commit 957fe728466893bc63f5ccad197d3e245dca4bf3 + This change might help to c+p a fingerprint from an HTML page without + being enclosed in a "pre" tag. + * common/userids.c (classify_user_id): Skip a second blank in the + middle of a fingerprint. + + gpg: Allow use of a standard space separated fingerprint. + + commit 372fb4fc0661014ccd9275c89e6da2208f87155f + * common/userids.c (classify_user_id): Check for space separated GPG + fingerprint. + +2012-01-06 NIIBE Yutaka <gniibe@fsij.org> + + Merge ccid_driver_improvement branch. + + commit 5988c8bfb7eafaca53c8abeb793f189acd3177c6 + * scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify. + (open_ccid_reader): Use ccid_keypad_operation for verify and modify. + + * scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New. + (ccid_transceive_apdu_level): Permit sending packet where + apdulen <= 289. Support receiving packets in a chain. + (ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920. + Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24. 
+ +2012-01-03 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + Silence gcc warning. + + commit ed432f030e604f7b2fd4a79c2110d92b9cde7501 + * sm/call-dirmngr.c (get_cached_cert): Make sure buflen is initialized. + + Revert last change, add comment about link() return values. + + commit ff2095ad7b4be7eaf9468b6ef39fd979527ecc4f + * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Do not check + return value of link(). + + Fix compiler warnings. + + commit 0dce26778ef8abd4fc40de689d7ec9b720d26430 + * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Check return + value of link(). + * g13/g13.c: Make sure err is initialized. + * scd/scdaemon.c (main) [!USE_GCRY_THREAD_CBS]: Do not define ERR. + + Fix last change: Only set gcrypt thread callback for older versions. + + commit 61ccd8d92d9d3b8ba0eca3c2969d7f6f37e16405 + * dirmngr/dirmngr.c, g13/g13.c: Rename FIX_GCRY_PTH_INIT to + USE_GCRY_THREAD_CBS. + +2012-01-03 Werner Koch <wk@gnupg.org> + + Terminate csh commands with a semicolon also for dirmngr. + + commit 682df45d15661ed3544e2ed34bcb636200cc40f9 + * dirmngr/dirmngr.c (main): Terminate csh style output with a semicolon. + + Terminate csh commands with a semicolon. + + commit d01d9ff11f46cbd61b7b8c0e04431e4f0c4a8580 + Fixes bug#1386. + + * agent/gpg-agent.c (main): Terminate csh style output with a semicolon. + * scd/scdaemon.c: Ditto. + +2012-01-02 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + Only set gcrypt thread callback for older version of gcrypt. + + commit a2d9e48fcca6cfc2dfadef6dbd3579a30314676b + * agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c + (USE_GCRY_THREAD_CBS): New macro, defined if + GCRY_THREAD_OPTION_VERSION is 0. + (fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define. + (main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks. + +2011-12-28 David Shaw <dshaw@jabberwocky.com> + + Use the longest key ID available when talking to a HKP server. 
+ + commit c6aaf024651c7d55ac9fb77a53c084efb3adc1a9 + This is issue 1340. Now that PKSD is dead, and SKS supports long key + IDs, this is safe to do. Patch from Daniel Kahn Gillmor + <dkg@fifthhorseman.net>. + +2011-12-20 Werner Koch <wk@gnupg.org> + + Post-release version number update. + + commit 97d1c884e62bba94e42bb5b2bb13cd3880334c31 + + + Release 2.1.0beta3. + + commit 604c130a85d4203b9d84137a42673aeaff1c0bd1 + + + Prepare for the beta3 release. + + commit 8e47f1e576f70d4dbe966523057fe3078006ae8b + + + po: Update the German translation. + + commit 6f02c143440865781b4e3c1753e24e55a0de40e4 + + + Add the STEED Self-Signing Nonthority certificate. + + commit fe2f1826991e8130f727ee15df1a4651f679752f + * doc/com-certs.pem: Install it when creating a keybox. + + faq: Add section on US export restrictions. + + commit 779611494dbd187d09b05d2eb10faabd31a70156 + + + Require Libassuan 2.0.3. + + commit 366512abe44d9e71bb2c699c29477afa6ac71cdd + * configure.ac: Require Libassuan 2.0.3. + * agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement. + * agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove + dependency. + (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto. + * scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto. + +2011-12-20 NIIBE Yutaka <gniibe@fsij.org> + + Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify. + + commit 07f20f313a0b13e5c93168a8a62ff1cbb94a4514 + * scd/apdu.c (pcsc_keypad_verify): Add debug log and error log. + (pcsc_keypad_modify): Likewise. + +2011-12-19 Werner Koch <wk@gnupg.org> + Ben Kibbey <bjk@luxsci.net> + + scd: Fix for card change returning GPG_ERR_CARD_RESET. + + commit f4b7f7146349c388a2f3ce224ff2006606c66232 + * scd/apdu.c (apdu_connect): Do not test for zero atrlen. + +2011-12-16 NIIBE Yutaka <gniibe@fsij.org> + + Don't kill pinentry by SIGKILL but let it quit by SIGINT. 
+ + commit f6251c0d0af92331388f5e9bcd1750cbadcaca8f + * agent/call-pinentry.c (agent_popup_message_stop): To pinentry, send + SIGINT (was: SIGKILL). + +2011-12-15 David Shaw <dshaw@jabberwocky.com> + + Merge fix for issue 1331 from 1.4. + + commit a98260c39f1c0ccdad004784cbc9440376766082 + * photoid.c (generate_photo_id): Check for the JPEG magic numbers + instead of JFIF since some programs generate an EXIF header first. + +2011-12-15 Werner Koch <wk@gnupg.org> + + scd: Prefer application Geldkarte over DINSIG. + + commit 27089564b6453deaf7b4ffe7cc5f5f290b6d892b + * scd/app.c (select_application): Reorder application tests. + + scd: Add option --dump-atr to command APDU. + + commit b22d62bd1481dfe13d60a6d16b09b9297944f063 + * scd/atr.c: Rewrite. + * scd/Makefile.am (scdaemon_SOURCES): Add atr.c and atr.h. + * scd/command.c (cmd_apdu): Add option --dump-atr. + + estream: New function es_fclose_snatch. + + commit 7737a2c269657189a583cde7f214f20871d264f8 + * common/estream.c (cookie_ioctl_function_t): New type. + (es_fclose_snatch): New function. + (COOKIE_IOCTL_SNATCH_BUFFER): New constant. + (struct estream_internal): Add field FUNC_IOCTL. + (es_initialize): Clear FUNC_IOCTL. + (es_func_mem_ioctl): New function. + (es_fopenmem, es_fopenmem_init): Init FUNC_IOCTL. + +2011-12-14 Werner Koch <wk@gnupg.org> + + scd: Skip S/N reading for the "undefined" application. + + commit 792e137ec7997a0ff5c54ff970611238d28d4ba8 + * scd/app.c (select_application): Skip serial number reading. + + scd: Add more status word values for documentation. + + commit 0bac31ee9f74a25d76b08c3e0355a338908f083a + + + scd: Add the "undefined" stub application. + + commit dcd64131c60efd0189aa05d5dbce6b93547b04e3 + * scd/app.c (select_application): Implement the "undefined" + application. + + agent: Pass comment lines from scd verbatim thru gpg-agent. + + commit 45cf9de341405a228e331bd3893cbcd6b72306be + * agent/call-scd.c (pass_status_thru): Pass comment lines verbatim. 
+ * tools/gpg-connect-agent.c (help_cmd_p): New. + (main): Treat an "SCD HELP" the same as "HELP". + + scd: Fix resetting and closing of the reader. + + commit 2d91febbd8d30beb7eb33f7aa80ffd5691d1d3cc + * scd/command.c (update_card_removed): Do no act on an invalid VRDR. + (do_reset): Ignore apdu_reset error codes for no and inactive card. + Close the reader before setting the slot to -1. + (update_reader_status_file): Notify the application before closing the + reader. + + scd: Add debug option for reader function calls. + + commit 07ea8c56b507b06d4bd70e94fa51914659afac4b + * scd/scdaemon.h (DBG_READER_VALUE, DBG_READER): New. + * scd/apdu.c (apdu_open_reader, apdu_close_reader) + (apdu_shutdown_reader, apdu_connect, apdu_disconnect) + (apdu_reset, apdu_get_atr, apdu_get_status): Add debug code. + (apdu_activate): Remove this unused function. + +2011-12-13 Werner Koch <wk@gnupg.org> + + scd: New option --debug-assuan-log-cats. + + commit 00c760f628f4cf0fc11e79d305c172f98123f815 + * scd/scdaemon.c (oDebugAssuanLogCats): New. + (opts): Add option --debug-assuan-log-cats. + (main): Implement option. + * common/asshelp.c (set_libassuan_log_cats): New. + + scd: Introduce a virtual reader table. + + commit 24e121ef261731069868ca403b818f1168237f53 + The vreader table makes the code more clear by explicitly talking + about APDU slots and reader indices. It also accommodates for future + extensions. + + * scd/scdaemon.h (server_control_s): Remove READER_SLOT. + * scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT. + * scd/app.c (check_application_conflict): Add arg SLOT. + * scd/command.c (slot_status_s): Rename to vreader_s. + (server_local_s): Add field VREADER_IDX as replacement for + the READER_SLOT in server_control_s. Change all users. + (slot_table): Rename to vreader_table. Change all users. + (vreader_slot): New. + (do_reset, cmd_apdu): Map vreader to apdu slot. + (get_reader_slot): Rename to get_current_reader. Return -1 on error. 
+ (open_card): Map vreader toapdu slot. Pass slot to + check_application_conflict. + (scd_command_handler): Init VREADER_IDX. + (update_reader_status_file): Reset SLOT field on error. + +2011-12-12 Werner Koch <wk@gnupg.org> + + scd: Retry command SERIALNO for an inactive card. + + commit 11164662788036c4b15d30555ea33ec0b6f5a670 + * scd/command.c (cmd_serialno): Retry once for an inactive card. + + Fix detection of card removal and insertion. + + commit cd29dc0f1cf7f3bd7938ffa65bf13f9a75d8c156 + * scd/apdu.c (apdu_connect): Return status codes for no card available + and inactive card. + * scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET. + (open_card): Map apdu_connect status to GPG_ERR_CARD_RESET. + + gitlog-to-changelog: New option --tear-off. + + commit ea0a21410b8fa460882c0f8de90b9291345fd4fc + * scripts/gitlog-to-changelog: Add option --tear-off. + * Makefile.am (gen-ChangeLog): Use that option. + +2011-12-07 Werner Koch <wk@gnupg.org> + + gpgsm: Add new validation model "steed". + + commit 8a12a2000d82acfa881e8c18d028290100bf5e43 + * sm/gpgsm.h (VALIDATE_FLAG_STEED): New. + * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed". + * sm/server.c (option_handler): Allow validation model "steed". + * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New. + * sm/certchain.c (do_validate_chain): Handle the + well-known-private-key attribute. Support the "steed" model. + (gpgsm_validate_chain): Ditto. + * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line. + * sm/keylist.c (list_cert_colon): Print the new 'w' flag. + + Correct punctuation in the ChangeLog summary line. + + commit 14e4fdc9f97d6f12bf563adfff1e3157305d7795 + * Makefile.am (gen-ChangeLog): Supply --append-dot. + + Allow comments which will not show up in the ChangeLog. + + commit cd3732841de32ce5c7841e6e158df3a5f1102f86 + * scripts/gitlog-to-changelog: Ignore lines after a "--" line. 
+ +2011-12-06 Werner Koch <wk@gnupg.org> + + gpgsm: Allow specification of an AuthorityKeyIdentifier. + + commit 596b84a4de58def2155d3fe56462f6607f135b69 + * sm/certreqgen.c (pAUTHKEYID): New. + (read_parameters): Add keyword Authority-Key-Id. + (proc_parameters): Check its value. + (create_request): Insert an Authority-Key-Id. + + gpgsm: Allow arbitrary extensions for cert creation. + + commit 5cdad8ff000152b4bd01953646bb87fe8703c70d + * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. + (read_parameters): Add new keywords. + (proc_parameters): Check values of new keywords. + (create_request): Add SubjectKeyId and extensions. + (parse_parameter_usage): Support "cert" and the encrypt alias "encr". + + gpgsm: Fix storing of the serial number. + + commit 3f284e40502d8181b0b3ea66c77cd7c1252ea781 + * sm/certreqgen.c (create_request): Fix hex-bin conversion. + +2011-12-05 Werner Koch <wk@gnupg.org> + + Fix last change. + + commit 9274d4d18281b3364fa8abaa821dddf124b105d7 + * agent/command.c (start_command_handler): Remove use of removed var. + + Amend the agent code with more comments. + + commit 477360e8cdc458b0a36e9c7fb52a35f27766255d + * agent/command.c (server_local_s): Remove unused field MESSAGE_FD. + +2011-12-02 Werner Koch <wk@gnupg.org> + + Support the Cherry ST-2000 card reader. + + commit 239659d3a0b8c0c378734ca3d1e9210a02e24da7 + * scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335) + (SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants. + (parse_ccid_descriptor): Use them. + (scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry + ST-2000. Suggested by Matthias-Christian Ott. + + Avoid possible double free in export.c. + + commit 96dc146fa17a7853277dbf3dc771c585a815c247 + * g10/export.c (transfer_format_to_openpgp): Avoid possible double + free of LIST. Reported by NIIBE Yutaka. + +2011-12-02 NIIBE Yutaka <gniibe@fsij.org> + + Fix pinpad input support for passphrase modification. 
+ + commit bf37c32367ba149559385ee90b6435cef8bd6412 + * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0. + (pcsc_keypad_modify): Likewise. + (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA. + bConfirmPIN value is determined by the parameter p0. + + * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when + reset_mode is on, or resetcode is on. use_keypad only makes sense for + iso7816_change_reference_data_kp. + + * iso7816.h (iso7816_put_data_kp): Remove. + (iso7816_reset_retry_counter_kp): Remove. + (iso7816_reset_retry_counter_with_rc_kp): Remove. + (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. + + * iso7816.c (iso7816_put_data_kp): Remove. + (iso7816_reset_retry_counter_kp): Remove. + (iso7816_reset_retry_counter_with_rc_kp): Remove. + (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. + +2011-12-01 Werner Koch <wk@gnupg.org> + + Add hook to check the commit log syntax. + + commit 29e96e6b9a8e68e6554dd48bc2ce68ae9525d29f + * autogen.sh: Install commit-msg hook for git. + + Generate the ChangeLog from commit logs. + + commit 2336b09779d313c1594acf6df3bd8a8486e90458 + * scripts/gitlog-to-changelog: New script. Taken from gnulib. + * scripts/git-log-fix: New file. + * scripts/git-log-footer: New file. + * doc/HACKING: Describe the ChangeLog policy + * ChangeLog: New file. + * Makefile.am (EXTRA_DIST): Add new files. + (gen-ChangeLog): New. + (dist-hook): Run gen-ChangeLog. + + Rename all ChangeLog files to ChangeLog-2011. + +2011-12-01 Werner Koch <wk@gnupg.org> + + NB: Changes done before December 1st, 2011 are described in + per directory files named ChangeLog-2011. See doc/HACKING for + details. + + ----- + Copyright (C) 2011 Free Software Foundation, Inc. + + Copying and distribution of this file and/or the original GIT + commit log messages, with or without modification, are + permitted provided the copyright notice and this notice are + preserved. |
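Review bot: In the "Port to npth" entry at the top of this part of the hunk, the second rename pair reads "(USE_GNU_NPTH): Rename to ... (USE_GNU_PTH): ... this.", which runs opposite to the "(have_pth): Rename to ... (have_npth): ... this." pair just before it and to the direction of the port, so the two macro names look swapped. Smaller points in the same lines: "(fixed_realloc) [!_ESTREAM_PRINTF_REALLOC]):" has an unbalanced parenthesis, the "Require Libassuan 2.0.3" entry lists "(cmd_killagent) [ASSUAN_FORCE_CLOSE]" twice, and "Map vreader toapdu slot" and "Do no act on an invalid VRDR" carry typos. The 2011-12-01 entry says this file is generated from the commit logs by gen-ChangeLog, which dist-hook runs, so these should be corrected in the generator's input rather than by hand in the added file, where a regeneration would bring them back.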