diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 164 |
1 files changed, 164 insertions, 0 deletions
@@ -1,3 +1,167 @@ +Noteworthy changes in version 2.2.43 (2024-04-16) +------------------------------------------------- + + * gpg: Do not keep an unprotected smartcard backup key on disk. See + https://gnupg.org/blog/20240125-smartcard-backup-key.html for a + security advisory. [T6944] + + * gpg: Allow to create revocations even with non-compliant algos. + [rG89c7eccba5] + + * gpg: Fix mixed invocation with --trusted-keys and --no-options. + [T7025] + + * gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB + tag. [T7042] + + * gpg: Do not allow to accidently set the RENC usage. [T7072] + + * gpgsm: Allow PKCS#12 decryption with a longer salt value. [T6757] + + * agent: Allow simple KEYINFO command in restricted mode. [T7003] + + * agent: Consider an empty pattern file as valid. [rG509d0f76ce] + + * dirmngr: Avoid starting a second instance on Windows via GPGME + based launching. [T6833] + + * dirmngr: Trust system's root CAs for checking CRL issuers. [T6963] + + * dirmngr: Fix the regression in 2.2.42 of use of proxy for TLS + connection. [T6997] + + * scd: Fix corner case bug when changing to a shorter PIN with KDF + enabled. [T6843] + + * gpgtar: Fix conveying of status lines from gpg when using stderr + as status fd on Windows. [T6961] + + * gpgconf: Fix -X command for the new VERSION file format and change + the output format. [T6918] + + * wkd: Make gpg-wks-client --mirror work w/o args. + + Release-info: https://dev.gnupg.org/T6849 + + + +Noteworthy changes in version 2.2.42 (2023-11-28) +------------------------------------------------- + + * gpg: Set default expiration date to 3 years. [T2701] + + * gpg: Support OCB encryption. [T6263] + + * gpg: New command --quick-update-pref. [rGf16c946be7] + + * gpg: New list-options show-pref and show-pref-verbose. + [rGb6ba7054a0] + + * gpg: Add modes 16 and 30 to --gen-random. + + * gpg: Emit status line and proper diagnostics for write errors. + [T6528] + + * gpg: Make progress work for large files on Windows. [T6534] + + * gpg: New option --no-compress as alias for -z0. + + * gpg: Detect already compressed data also when using a pipe. Also + detect JPEG and PNG file formats. [T6332] + + * gpg: New option --add-desig-revoker. [rG6c9db01101] + + * gpg: Fix subkey re-import if a stub key still exists. [T3456] + + * gpg: Allow to specify seconds since Epoch beyond 2038 on 32-bit + platforms. [T6736] + + * gpg: Fix the "keytocard" command for moving ECC keys with + non-standard ECDH parameters to OpenPGP cards. [rG92af3f88a9] + + * gpgsm: Support ECC certificates. [T6253, T6802] + + * gpgsm: Print PROGRESS status lines. Add new --input-size-hint. + [T6534] + + * gpgsm: Also announce AES256-CBC in signatures. [rGaa397fdcdb21] + + * gpgsm: Major rewrite of the PKCS#12 parser. [T6536] + + * gpgsm: Non-armored detached signature are now created without + using indefinite form length octets. This improves compatibility + with some PDF signature verification software. [rG3d3b941ce9] + + * gpgsm: Verification of detached signatures does now strip trailing + zeroes from the input if --assume-binary is used. [rG6bdf11f671] + + * gpgsm: No not show the pkcs#12 passphrase in debug output. [T6654] + + * agent: Update the key stubs only if really modified. [T6829] + + * dirmngr: New option --ignore-crl-extensions. [T6545] + + * dirmngr: Backport of the AD_QUERY command. [rG2a3bad5985] + + * dirmngr: Support config value "none" to disable the default + keyserver. [T6708] + + * dirmngr: Implement automatic proxy detection on Windows. [T5768] + + * dirmngr: Fix handling of the HTTP Content-Length. [rG9f1c11cd3f] + + * dirmngr: Add code to support proxy authentication using the + Negotiation method on Windows. [T6719] + + * wkd: Use export-clean for gpg-wks-client's --mirror and --create + commands. [rG505e770b4c] + + * wkd: Make --add-revocs the default in gpg-wks-client. New option + --no-add-revocs. [rG67d57fae3f] + + * Fix garbled time output in non-English Windows. [T6741] + + * Ignore attempts to remove the /dev/null device. [T6556] + + * Improve advisory file lock retry strategy. [rG45a1ab5017] + + Release-info: https://dev.gnupg.org/T6307 + + +Noteworthy changes in version 2.2.41 (2022-12-09) +------------------------------------------------- + + * gpg: Add a notation to encryption subkeys in de-vs mode. [T6279] + + * gpg: Fix trusted introducer for mbox only user-ids. [T6238] + + * gpg: Report an error via status-fd for receiving a key from the + agent. [T5151] + + * gpg: Make --require-compliance work without the --status-fd + option. [r11f3232716] + + * gpg: Improve signature verification speed by a factor of more than + four. Double detached signing speed. [T5826] + + * gpg: New --export-filter export-revocs. [rGedbe30c152] + + * gpg: Import stray revocation certificates to improve WKD + usability. [rGbd825ead36af] + + * wkd: New option --add-revocs for gpg-wks-client. [rG2f4492f3be] + + * wkd: Ignore expired user-ids in gpg-wks-client. [T6292] + + * scd: Support the Telesec Signature Card v2.0. [T6252] + + * scd: Update the OpenPGP card code to be more in sync with 2.4.3. + + * Fix build regression depending on libgpg-error version. [T6244] + + Release-info: https://dev.gnupg.org/T6280 + + Noteworthy changes in version 2.2.40 (2022-10-10) ------------------------------------------------- |