Noteworthy changes in version 2.2.12 (2018-12-14)
-------------------------------------------------

  * tools: New commands --install-key and --remove-key for
    gpg-wks-client.  This allows preparing a Web Key Directory on a
    local file system for later upload to a web server.

  * gpg: New --list-option "show-only-fpr-mbox".  This makes the use
    of the new gpg-wks-client --install-key command easier on Windows.

  * gpg: Improve processing speed when --skip-verify is used.

  * gpg: Fix a bug where a LF was accidentally written to the console.

  * gpg: --card-status now shows whether a card has the new KDF
    feature enabled.

  * agent: New runtime option --s2k-calibration=MSEC.  New configure
    option --with-agent-s2k-calibration=MSEC.  [#3399]

  * dirmngr: Try another keyserver from the pool on receiving a 502,
    503, or 504 error.  [#4175]

  * dirmngr: Avoid possible CSRF attacks via http redirects.  An HTTP
    query will no longer follow a 3xx redirect unless the Location
    header gives the same host.  If the host is different only the
    host and port are taken from the Location header and the original
    path and query parts are kept.

  * dirmngr: New command FLUSHCRL to flush all CRLS from disk and
    memory.  [#3967]

  * New simplified Chinese translation (zh_CN).

  Release-info: https://dev.gnupg.org/T4289
  See-also: gnupg-announce/2018q4/000433.html
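
  Added example, not GnuPG code: a Python model of the redirect rule in
  the dirmngr entry above, showing that a cross-host Location can change
  only host and port, never the path or query.  The names redirect_target
  and RedirectRefused and all hosts are constructed; taking the scheme from
  Location, comparing hosts without the port, and gating https-to-http (see
  the 2.2.2 and 2.2.7 entries) behind a flag are assumptions.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


class RedirectRefused(Exception):
    """The redirect must not be followed at all."""


def _netloc(scheme, host, port):
    """Rebuild host[:port]: no userinfo, bracketed IPv6, default port hidden."""
    if ":" in host:
        host = f"[{host}]"
    return host if port in (None, DEFAULT_PORTS[scheme]) else f"{host}:{port}"


def redirect_target(original_url, location, allow_https_to_http=False):
    """Return the URL to request after a 3xx response.

    Same host: the Location value is followed as given.
    Different host: only host and port (and, as an assumption, the scheme)
    come from Location; path and query stay those of the original request,
    so the redirecting server cannot choose what is asked of the new host.
    """
    orig = urlsplit(original_url)
    try:
        # urljoin resolves relative Location values against the request URL.
        loc = urlsplit(urljoin(original_url, location.strip()))
        loc_port = loc.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise RedirectRefused(f"unparsable Location: {exc}") from None

    loc_host = (loc.hostname or "").lower()
    if loc.scheme not in DEFAULT_PORTS or not loc_host:
        raise RedirectRefused("Location is not an http(s) URL with a host")
    if orig.scheme == "https" and loc.scheme == "http" and not allow_https_to_http:
        raise RedirectRefused("https-to-http redirect")

    if loc_host == (orig.hostname or "").lower():
        path, query = loc.path or "/", loc.query    # same host: follow as given
    else:
        path, query = orig.path or "/", orig.query  # other host: keep our request
    return urlunsplit((loc.scheme, _netloc(loc.scheme, loc_host, loc_port),
                       path, query, ""))


if __name__ == "__main__":
    # Constructed sample request and Location headers.
    request = "http://keys.example.org:11371/pks/lookup?op=get&search=0xDEADBEEF"
    samples = [
        "/pks/v2/lookup?op=get&search=0xDEADBEEF",               # same host
        "http://intranet.example.net:8080/admin/delete?user=42",  # other host
        "ftp://files.example.net/pub/key.asc",                    # not http(s)
    ]
    for location in samples:
        try:
            print(f"{location}\n  -> {redirect_target(request, location)}")
        except RedirectRefused as exc:
            print(f"{location}\n  -> refused: {exc}")
```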

Noteworthy changes in version 2.2.11 (2018-11-06)
-------------------------------------------------

  * gpgsm: Fix CRL loading when intermediate certificates are not yet
    trusted.

  * gpgsm: Fix an error message about the digest algo.  [#4219]

  * gpg: Fix a wrong warning due to new sign usage check introduced
    with 2.2.9.  [#4014]

  * gpg: Print the "data source" even for an unsuccessful keyserver
    query.

  * gpg: Do not store the TOFU trust model in the trustdb.  This
    allows enabling or disabling a TOFU model without triggering a
    trustdb rebuild.  [#4134]

  * scd: Fix cases of "Bad PIN" after using "forcesig".  [#4177]

  * agent: Fix possible hang in the ssh handler.  [#4221]

  * dirmngr: Tack the unmodified mail address to a WKD request.  See
    commit a2bd4a64e5b057f291a60a9499f881dd47745e2f for details.

  * dirmngr: Tweak diagnostic about missing LDAP server file.

  * dirmngr: In verbose mode print the OCSP responder id.

  * dirmngr: Fix parsing of the LDAP port.  [#4230]

  * wks: Add option --directory/-C to the server.  Always build the
    server on Unix systems.

  * wks: Add option --with-colons to the client.  Support sites which
    use the policy file instead of the submission-address file.

  * Fix EBADF when gpg et al. are called by broken CGI scripts.

  * Fix some minor memory leaks and bugs.

  Release-info: https://dev.gnupg.org/T4233
  See-also: gnupg-announce/2018q4/000432.html

Noteworthy changes in version 2.2.10 (2018-08-30)
-------------------------------------------------

  * gpg: Refresh expired keys originating from the WKD.  [#2917]

  * gpg: Use a 256 KiB limit for a WKD imported key.

  * gpg: New option --known-notation.  [#4060]

  * scd: Add support for the Trustica Cryptoucan reader.

  * agent: Speed up starting during on-demand launching.  [#3490]

  * dirmngr: Validate SRV records in WKD queries.

  Release-info: https://dev.gnupg.org/T4112
  See-also: gnupg-announce/2018q3/000428.html

Noteworthy changes in version 2.2.9 (2018-07-12)
------------------------------------------------

  * dirmngr: Fix recursive resolver mode and other bugs in the libdns
    code.  [#3374,#3803,#3610]

  * dirmngr: When using libgpg-error 1.32 or later a GnuPG build with
    NTBTLS support (e.g. the standard Windows installer) does not
    anymore block for dozens of seconds before returning data.

  * gpg: Fix bug in --show-keys which actually imported revocation
    certificates.  [#4017]

  * gpg: Ignore too long user-ID and comment packets.  [#4022]

  * gpg: Fix crash due to bad German translation.  Improved printf
    format compile time check.

  * gpg: Handle missing ISSUER sub packet gracefully in the presence of
    the new ISSUER_FPR.  [#4046]

  * gpg: Allow decryption using several passphrases in most cases.
    [#3795,#4050]

  * gpg: Command --show-keys now enables the list options
    show-unusable-uids, show-unusable-subkeys, show-notations and
    show-policy-urls by default.

  * gpg: Command --show-keys now prints revocation certificates. [#4018]

  * gpg: Add revocation reason to the "rev" and "rvs" records of the
    option --with-colons.  [#1173]

  * gpg: Export option export-clean does now remove certain expired
    subkeys; export-minimal removes all expired subkeys.  [#3622]

  * gpg: New "usage" property for the drop-subkey filters.  [#4019]

  Release-info: https://dev.gnupg.org/T4036
  See-also: gnupg-announce/2018q3/000427.html

Noteworthy changes in version 2.2.8 (2018-06-08)
------------------------------------------------

  * gpg: Decryption of messages not using the MDC mode will now lead
    to a hard failure even if a legacy cipher algorithm was used.  The
    option --ignore-mdc-error can be used to turn this failure into a
    warning.  Take care: Never use that option unconditionally or
    without a prior warning.

  * gpg: The MDC encryption mode is now always used regardless of the
    cipher algorithm or any preferences.  For testing --rfc2440 can be
    used to create a message without an MDC.

  * gpg: Sanitize the diagnostic output of the original file name in
    verbose mode.  [#4012,CVE-2018-12020]

  * gpg: Detect suspicious multiple plaintext packets in a more
    reliable way.  [#4000]

  * gpg: Fix the duplicate key signature detection code.  [#3994]

  * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
    --disable-mdc and --no-disable-mdc have no more effect.

  * gpg: New command --show-keys.

  * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
    list of startup environment variables.  [#3947]

  See-also: gnupg-announce/2018q2/000425.html

Noteworthy changes in version 2.2.7 (2018-05-02)
------------------------------------------------

  * gpg: New option --no-symkey-cache to disable the passphrase cache
    for symmetrical en- and decryption.

  * gpg: The ERRSIG status now prints the fingerprint if that is part
    of the signature.

  * gpg: Relax emitting of FAILURE status lines.

  * gpg: Add a status flag to "sig" lines printed with --list-sigs.

  * gpg: Fix "Too many open files" when using --multifile.  [#3951]

  * ssh: Return an error for unknown ssh-agent flags.  [#3880]

  * dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
    caches under Windows.  [#2448,#3923]

  * dirmngr: Fix a CNAME problem with pools and TLS.  Also use a fixed
    mapping of keys.gnupg.net to sks-keyservers.net.  [#3755]

  * dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).

  * dirmngr: Fallback to CRL if no default OCSP responder is configured.

  * dirmngr: Implement CRL fetching via https.  Here a redirection to
    http is explicitly allowed.

  * dirmngr: Make LDAP searching and CRL fetching work under Windows.
    This stopped working with 2.1.  [#3937]

  * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
    debugging.

  See-also: gnupg-announce/2018q2/000424.html

Noteworthy changes in version 2.2.6 (2018-04-09)
------------------------------------------------

  * gpg,gpgsm: New option --request-origin to pretend requests coming
    from a browser or a remote site.

  * gpg: Fix race condition on trustdb.gpg updates due to too early
    released lock.  [#3839]

  * gpg: Emit FAILURE status lines in almost all cases.  [#3872]

  * gpg: Implement --dry-run for --passwd to make checking a key's
    passphrase straightforward.

  * gpg: Make sure to only accept a certification capable key for key
    signatures.  [#3844]

  * gpg: Better user interaction in --card-edit for the factory-reset
    sub-command.

  * gpg: Improve changing key attributes in --card-edit by adding an
    explicit "key-attr" sub-command.  [#3781]

  * gpg: Print the keygrips in the --card-status.

  * scd: Support KDF DO setup.  [#3823]

  * scd: Fix some issues with PC/SC on Windows.  [#3825]

  * scd: Fix suspend/resume handling in the CCID driver.

  * agent: Evict cached passphrases also via a timer.  [#3829]

  * agent: Use separate passphrase caches depending on the request
    origin.  [#3858]

  * ssh: Support signature flags.  [#3880]

  * dirmngr: Handle failures related to missing IPv6 support
    gracefully.  [#3331]

  * Fix corner cases related to specified home directory with
    drive letter on Windows.  [#3720]

  * Allow the use of UNC directory names as homedir.  [#3818]

  See-also: gnupg-announce/2018q2/000421.html

Noteworthy changes in version 2.2.5 (2018-02-22)
------------------------------------------------

  * gpg: Allow the use of the "cv25519" and "ed25519" short names in
    addition to the canonical curve names in --batch --gen-key.

  * gpg: Make sure to print all secret keys with option --list-only
    and --decrypt.  [#3718]

  * gpg: Fix the use of future-default with --quick-add-key for
    signing keys.  [#3747]

  * gpg: Select a secret key by checking availability under gpg-agent.
    [#1967]

  * gpg: Fix reversed prompt texts for --only-sign-text-ids.  [#3787]

  * gpg,gpgsm: Fix detection of bogus keybox blobs on 32 bit systems.
    [#3770]

  * gpgsm: Fix regression since 2.1 in --export-secret-key-raw which
    got $d mod (q-1)$ wrong.  Note that most tools automatically fixup
    that parameter anyway.

  * ssh: Fix a regression in getting the client's PID on *BSD and
    macOS.

  * scd: Support the KDF Data Object of the OpenPGP card 3.3.  [#3152]

  * scd: Fix a regression in the internal CCID driver for certain card
    readers.  [#3508]

  * scd: Fix a problem on NetBSD killing scdaemon on gpg-agent
    shutdown.  [#3778]

  * dirmngr: Improve returned error description on failure of DNS
    resolving.  [#3756]

  * wks: Implement command --install-key for gpg-wks-server.

  * Add option STATIC=1 to the Speedo build system to allow a build
    with statically linked versions of the core GnuPG libraries.  Also
    use --enable-wks-tools by default by Speedo builds for Unix.

  See-also: gnupg-announce/2018q1/000420.html

Noteworthy changes in version 2.2.4 (2017-12-20)
------------------------------------------------

  * gpg: Change default preferences to prefer SHA512.

  * gpg: Print a warning when more than 150 MiB are encrypted using a
    cipher with 64 bit block size.

  * gpg: Print a warning if the MDC feature has not been used for a
    message.

  * gpg: Fix regular expression of domain addresses in trust
    signatures. [#2923]

  * agent: New option --auto-expand-secmem to help with high numbers
    of concurrent connections.  Requires libgcrypt 1.8.2 for having
    an effect.  [#3530]

  * dirmngr: Cache responses of WKD queries.

  * gpgconf: Add option --status-fd.

  * wks: Add commands --check and --remove-key to gpg-wks-server.

  * Increase the backlog parameter of the daemons to 64 and add
    option --listen-backlog.

  * New configure option --enable-run-gnupg-user-socket to first try a
    socket directory which is not removed by systemd at session end.

  See-also: gnupg-announce/2017q4/000419.html

Noteworthy changes in version 2.2.3 (2017-11-20)
------------------------------------------------

  * gpgsm: Fix initial keybox creation on Windows. [#3507]

  * dirmngr: Fix crash in case of a CRL loading error. [#3510]

  * Fix the name of the Windows registry key. [Git#4f5afaf1fd]

  * gpgtar: Fix wrong behaviour of --set-filename. [#3500]

  * gpg: Silence AKL retrieval messages. [#3504]

  * agent: Use clock or clock_gettime for calibration. [#3056]

  * agent: Improve robustness of the shutdown pending
    state. [Git#7ffedfab89]

  See-also: gnupg-announce/2017q4/000417.html

Noteworthy changes in version 2.2.2 (2017-11-07)
------------------------------------------------

  * gpg: Avoid duplicate key imports by concurrently running gpg
    processes. [#3446]

  * gpg: Fix creating on-disk subkey with on-card primary key. [#3280]

  * gpg: Fix validity retrieval for multiple keyrings. [Debian#878812]

  * gpg: Fix --dry-run and import option show-only for secret keys.

  * gpg: Print "sec" or "sbb" for secret keys with import option
    import-show. [#3431]

  * gpg: Make import less verbose. [#3397]

  * gpg: Add alias "Key-Grip" for parameter "Keygrip" and new
    parameter "Subkey-Grip" to unattended key generation.  [#3478]

  * gpg: Improve "factory-reset" command for OpenPGP cards.  [#3286]

  * gpg: Ease switching Gnuk tokens into ECC mode by using the magic
    keysize value 25519.

  * gpgsm: Fix --with-colon listing in crt records for fields > 12.

  * gpgsm: Do not expect X.509 keyids to be unique.  [#1644]

  * agent: Fix stuck Pinentry when using --max-passphrase-days. [#3190]

  * agent: New option --s2k-count.  [#3276 (workaround)]

  * dirmngr: Do not follow https-to-http redirects. [#3436]

  * dirmngr: Reduce default LDAP timeout from 100 to 15 seconds. [#3487]

  * gpgconf: Ignore non-installed components for commands
    --apply-profile and --apply-defaults. [#3313]

  * Add configure option --enable-werror.  [#2423]

  See-also: gnupg-announce/2017q4/000416.html

Noteworthy changes in version 2.2.1 (2017-09-19)
------------------------------------------------

  * gpg: Fix formatting of the user id in batch mode key generation
    if only "name-email" is given.

  * gpgv: Fix annoying "not suitable for" warnings.

  * wks: Convey only the newest user id to the provider.  This is the
    case if different names are used with the same addr-spec.

  * wks: Create a complying user id for provider policy mailbox-only.

  * wks: Add workaround for posteo.de.

  * scd: Fix the use of large ECC keys with an OpenPGP card.

  * dirmngr: Use system provided root certificates if no specific HKP
    certificates are configured.  If built with GNUTLS, this was
    already the case.

  See-also: gnupg-announce/2017q3/000415.html

Noteworthy changes in version 2.2.0 (2017-08-28)
------------------------------------------------

  This is the new long term stable branch.  This branch will only see
  bug fixes and no new features.

  * gpg: Reverted change in 2.1.23 so that --no-auto-key-retrieve is
    again the default.

  * Fixed a few minor bugs.

  See-also: gnupg-announce/2017q3/000413.html

Noteworthy changes in version 2.1.23 (2017-08-09)
-------------------------------------------------

  * gpg: "gpg" is now installed as "gpg" and not anymore as "gpg2".
    If needed, the new configure option --enable-gpg-is-gpg2 can be
    used to revert this.

  * gpg: Options --auto-key-retrieve and --auto-key-locate "local,wkd"
    are now used by default.  Note: this enables keyserver and Web Key
    Directory operators to notice when a signature from a locally
    non-available key is being verified for the first time or when
    you intend to encrypt to a mail address without having the key
    locally.  This new behaviour will eventually make key discovery
    much easier and mostly automatic.  Disable this by adding
      no-auto-key-retrieve
      auto-key-locate local
    to your gpg.conf.

  * agent: Option --no-grab is now the default.  The new option --grab
    allows reverting this.

  * gpg: New import option "show-only".

  * gpg: New option --disable-dirmngr to entirely disable network
    access for gpg.

  * gpg,gpgsm: Tweaked DE-VS compliance behaviour.

  * New configure flag --enable-all-tests to run more extensive tests
    during "make check".

  * gpgsm: The keygrip is now always printed in colon mode as
    documented in the man page.

  * Fixed connection timeout problem under Windows.

  See-also: gnupg-announce/2017q3/000412.html

Noteworthy changes in version 2.1.22 (2017-07-28)
-------------------------------------------------

  * gpg: Extend command --quick-set-expire to allow for setting the
    expiration time of subkeys.

  * gpg: By default try to repair keys during import.  New sub-option
    no-repair-keys for --import-options.

  * gpg,gpgsm: Improved checking and reporting of DE-VS compliance.

  * gpg: New options --key-origin and --with-key-origin.  Store the
    time of the last key update from keyservers, WKD, or DANE.

  * agent: New option --ssh-fingerprint-digest.

  * dirmngr: Lower timeouts on keyserver connection attempts and made
    it configurable.

  * dirmngr: Tor will now automatically be detected and used.  The
    option --no-use-tor disables Tor detection.

  * dirmngr: Now detects a changed /etc/resolv.conf.

  * agent,dirmngr: Initiate shutdown on removal of the GnuPG home
    directory.

  * gpg: Avoid caching passphrase for failed symmetric encryption.

  * agent: Support for unprotected ssh keys.

  * dirmngr: Fixed name resolving on systems using only v6
    nameservers.

  * dirmngr: Allow the use of TLS over http proxies.

  * w32: Change directory of the daemons after startup.

  * wks: New man pages for client and server.

  * Many other bug fixes.

  See-also: gnupg-announce/2017q3/000411.html

Noteworthy changes in version 2.1.21 (2017-05-15)
-------------------------------------------------

  * gpg,gpgsm: Fix corruption of old style keyring.gpg files.  This
    bug was introduced with version 2.1.20.  Note that the default
    pubring.kbx format was not affected.

  * gpg,dirmngr: Removed the skeleton config file support.  The
    system's standard methods for providing default configuration
    files should be used instead.

  * w32: The Windows installer now allows installation of GnuPG
    without Administrator permissions.

  * gpg: Fixed import filter property match bug.

  * scd: Removed Linux support for Cardman 4040 PCMCIA reader.

  * scd: Fixed some corner case bugs in resume/suspend handling.

  * Many minor bug fixes and code cleanup.

  See-also: gnupg-announce/2017q2/000405.html

Noteworthy changes in version 2.1.20 (2017-04-03)
-------------------------------------------------

  * gpg: New properties 'expired', 'revoked', and 'disabled' for the
    import and export filters.

  * gpg: New command --quick-set-primary-uid.

  * gpg: New compliance field for the --with-colon key listing.

  * gpg: Changed the key parser to generalize the processing of local
    meta data packets.

  * gpg: Fixed assertion failure in the TOFU trust model.

  * gpg: Fixed exporting of zero length user ID packets.

  * scd: Improved support for multiple readers.

  * scd: Fixed timeout handling for key generation.

  * agent: New option --enable-extended-key-format.

  * dirmngr: Do not add a keyserver to a new dirmngr.conf.  Dirmngr
    uses a default keyserver.

  * dirmngr: Do not treat TLS warning alerts as severe error when
    building with GNUTLS.

  * dirmngr: Actually take /etc/hosts into account.

  * wks: Fixed client problems on Windows.  Published keys are now set
    to world-readable.

  * tests: Fixed creation of temporary directories.

  * A socket directory for a non standard GNUPGHOME is now created on
    the fly under /run/user.  Thus "gpgconf --create-socketdir" is now
    optional.  The use of "gpgconf --remove-socketdir" to clean up
    obsolete socket directories is however recommended to avoid
    cluttering /run/user with useless directories.

  * Fixed build problems on some platforms.

  See-also: gnupg-announce/2017q2/000404.html

Noteworthy changes in version 2.1.19 (2017-03-01)
-------------------------------------------------

  * gpg: Print a warning if Tor mode is requested but the Tor daemon
    is not running.

  * gpg: New status code DECRYPTION_KEY to print the actual private
    key used for decryption.

  * gpgv: New options --log-file and --debug.

  * gpg-agent: Revamp the prompts to ask for card PINs.

  * scd: Support for multiple card readers.

  * scd: Removed option --debug-disable-ticker.  Ticker is used
    only when it is required to watch removal of device/card.

  * scd: Improved detection of card inserting and removal.

  * dirmngr: New option --disable-ipv4.

  * dirmngr: New option --no-use-tor to explicitly disable the use of
    Tor.

  * dirmngr: The option --allow-version-check is now required even if
    the option --use-tor is also used.

  * dirmngr: Handle a missing nsswitch.conf gracefully.

  * dirmngr: Avoid PTR lookups for keyserver pools.  They are only done
    for the debug command "keyserver --hosttable".

  * dirmngr: Rework the internal certificate cache to support classes
    of certificates.  Load system provided certificates on startup.
    Add options --tls, --no-crl, and --systrust to the "VALIDATE"
    command.

  * dirmngr: Add support for the ntbtls library.

  * wks: Create mails with a "WKS-Phase" header.  Fix detection of
    Draft-2 mode.

  * The Windows installer is now built with limited TLS support.

  * Many other bug fixes and new regression tests.

  See-also: gnupg-announce/2017q1/000402.html

Noteworthy changes in version 2.1.18 (2017-01-23)
-------------------------------------------------

  * gpg: Remove bogus subkey signature while cleaning a key (with
    export-clean, import-clean, or --edit-key's sub-command clean).

  * gpg: Allow freezing the clock with --faked-system-time.

  * gpg: New --export-option flag "backup", new --import-option flag
    "restore".

  * gpg-agent: Fixed long delay due to a regression in the progress
    callback code.

  * scd: Lots of code cleanup and internal changes.

  * scd: Improved the internal CCID driver.

  * dirmngr: Fixed problem with the DNS glue code (removal of the
    trailing dot in domain names).

  * dirmngr: Make sure that Tor is actually enabled after changing the
    conf file and sending SIGHUP or "gpgconf --reload dirmngr".

  * dirmngr: Fixed Tor access to IPv6 addresses.  Note that current
    versions of Tor may require that the flag "IPv6Traffic" is used
    with the option "SocksPort" in torrc to actually allow IPv6
    traffic.

  * dirmngr: Fixed HKP for literally given IPv6 addresses.

  * dirmngr: Enabled reverse DNS lookups via Tor.

  * dirmngr: Added experimental SRV record lookup for WKD.
    See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details.

  * dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record
    lookups.  Avoid SRV record lookup when a port is explicitly
    specified.  This fixes a regression from the 1.4 and 2.0 behavior.

  * dirmngr: Gracefully handle a missing /etc/nsswitch.conf.  Ignore
    negation terms (e.g. "[!UNAVAIL=return]") instead of bailing out.

  * dirmngr: Better debug output for flags "dns" and "network".

  * dirmngr: On reload mark all known HKP servers alive.

  * gpgconf: Allow keyword "all" for --launch, --kill, and --reload.

  * tools: gpg-wks-client now ignores a missing policy file on the
    server.

  * Avoid unnecessary ambiguity error message in the option parsing.

  * Further improvements of the regression test suite.

  * Fixed building with --disable-libdns configure option.

  * Fixed a crash running the tests on 32 bit architectures.

  * Fixed spurious failures on BSD system in the spawn functions.
    This affected for example gpg-wks-client and gpgconf.

  See-also: gnupg-announce/2017q1/000401.html

Noteworthy changes in version 2.1.17 (2016-12-20)
-------------------------------------------------

 * gpg: By default new keys expire after 2 years.

 * gpg: New command --quick-set-expire to conveniently change the
   expiration date of keys.

 * gpg: Option and command names have been changed for easier
   comprehension.  The old names are still available as aliases.

 * gpg: Improved the TOFU trust model.

 * gpg: New option --default-new-key-algo.

 * scd: Support OpenPGP card V3 for RSA.

 * dirmngr: Support for the ADNS library has been removed.  Instead
   William Ahern's Libdns is now source included and used on all
   platforms.  This enables Tor support on all platforms.  The new
   option --standard-resolver can be used to disable this code at
   runtime.  In case of build problems the new configure option
   --disable-libdns can be used to build without Libdns.

 * dirmngr: Lazily launch ldap reaper thread.

 * tools: New options --check and --status-fd for gpg-wks-client.

 * The UTF-8 byte order mark is now skipped when reading conf files.

 * Fixed many bugs and regressions.

 * Major improvements to the test suite.  For example it is possible
   to run the external test suite of GPGME.

 See-also: gnupg-announce/2016q4/000400.html

Noteworthy changes in version 2.1.16 (2016-11-18)
-------------------------------------------------

 * gpg: New algorithm for selecting the best ranked public key when
   using a mail address with -r, -R, or --locate-key.

 * gpg: New option --with-tofu-info to print a new "tfs" record in
   colon formatted key listings.

 * gpg: New option --compliance as an alternative way to specify
   options like --rfc2440, --rfc4880, et al.

 * gpg: Many changes to the TOFU implementation.

 * gpg: Improve usability of --quick-gen-key.

 * gpg: In --verbose mode print a diagnostic when a pinentry is
   launched.

 * gpg: Remove code which warns for old versions of gnome-keyring.

 * gpg: New option --override-session-key-fd.

 * gpg: Option --output does now work with --verify.

 * gpgv: New option --output to allow saving the verified data.

 * gpgv: New option --enable-special-filenames.

 * agent, dirmngr: New --supervised mode for use by systemd and alike.

 * agent: By default listen on all available sockets using standard
   names.

 * agent: Invoke scdaemon with --homedir.

 * dirmngr: On Linux now detects the removal of its own socket and
   terminates.

 * scd: Support ECC key generation.

 * scd: Support more card readers.

 * dirmngr: New option --allow-version-check to download a software
   version database in the background.

 * dirmngr: Use system provided CAs if no --hkp-cacert is given.

 * dirmngr: Use a default keyserver if none is explicitly set

 * gpgconf: New command --query-swdb to check software versions
   against a copy of an online database.

 * gpgconf: Print the socket directory with --list-dirs.

 * tools: The WKS tools now support draft version -02.

 * tools: Always build gpg-wks-client and install under libexec.

 * tools: New option --supported for gpg-wks-client.

 * The log-file option now accepts a value "socket://" to log to the
   socket named "S.log" in the standard socket directory.

 * Provide fake pinentries for use by test cases of downstream
   developers.

 * Fixed many bugs and regressions.

 * Many changes and improvements for the test suite.

 See-also: gnupg-announce/2016q4/000398.html

Noteworthy changes in version 2.1.15 (2016-08-18)
-------------------------------------------------

 * gpg: Remove the --tofu-db-format option and support for the split
   TOFU database.

 * gpg: Add option --sender to prepare for coming features.

 * gpg: Add option --input-size-hint to help progress indicators.

 * gpg: Extend the PROGRESS status line with the counted unit.

 * gpg: Avoid publishing the GnuPG version by default with --armor.

 * gpg: Properly ignore legacy keys in the keyring cache.

 * gpg: Always print fingerprint records in --with-colons mode.

 * gpg: Make sure that keygrips are printed for each subkey in
   --with-colons mode.

 * gpg: New import filter "drop-sig".

 * gpgsm: Fix a bug in the machine-readable key listing.

 * gpg,gpgsm: Block signals during keyring updates to limit the
   effects of a Ctrl-C at the wrong time.

 * g13: Add command --umount and other fixes for dm-crypt.

 * agent: Fix regression in SIGTERM handling.

 * agent: Cleanup of the ssh-agent code.

 * agent: Allow import of overly long keys.

 * scd: Fix problems with card removal.

 * dirmngr: Remove all code for running as a system service.

 * tools: Make gpg-wks-client conform to the specs.

 * tests: Improve the output of the new regression test tool.

 * tests: Distribute the standalone test runner.

 * tests: Run each test in a clean environment.

 * Spelling and grammar fixes.

 See-also: gnupg-announce/2016q3/000396.html

Noteworthy changes in version 2.1.14 (2016-07-14)
-------------------------------------------------

 * gpg: Removed options --print-dane-records and --print-pka-records.
   The new export options "export-pka" and "export-dane" can instead
   be used with the export command.

 * gpg: New options --import-filter and --export-filter.

 * gpg: New import options "import-show" and "import-export".

 * gpg: New option --no-keyring.

 * gpg: New command --quick-revuid.

 * gpg: New options -f/--recipient-file and -F/--hidden-recipient-file
   to directly specify encryption keys.

 * gpg: New option --mimemode to indicate that the content is a MIME
   part.  Does only enable --textmode right now.

 * gpg: New option --rfc4880bis to allow experiments with proposed
   changes to the current OpenPGP specs.

 * gpg: Fix regression in the "fetch" sub-command of --card-edit.

 * gpg: Fix regression since 2.1 in option --try-all-secrets.

 * gpgv: Change default options for extra security.

 * gpgsm: No more root certificates are installed by default.

 * agent: "updatestartuptty" does now affect more environment
   variables.

 * scd: The option --homedir does now work with scdaemon.

 * scd: Support some more GEMPlus card readers.

 * gpgtar: Fix handling of '-' as file name.

 * gpgtar: New commands --create and --extract.

 * gpgconf: Tweak for --list-dirs to better support shell scripts.

 * tools: Add programs gpg-wks-client and gpg-wks-server to implement
   a Web Key Service.  The configure option --enable-wks-tools is
   required to build them; they should be considered Beta software.

 * tests: Complete rework of the openpgp part of the test suite.  The
   test scripts have been changed from Bourne shell scripts to Scheme
   programs.  A customized scheme interpreter (gpgscm) is included.
   This change was triggered by the need to run the test suite on
   non-Unix platforms.

 * The rendering of the man pages has been improved.

 See-also: gnupg-announce/2016q3/000393.html

Noteworthy changes in version 2.1.13 (2016-06-16)
-------------------------------------------------

 * gpg: New command --quick-addkey.  Extend the --quick-gen-key
   command.

 * gpg: New --keyid-format "none" which is now also the default.

 * gpg: New option --with-subkey-fingerprint.

 * gpg: Include Signer's UID subpacket in signatures if the secret key
   has been specified using a mail address and the new option
   --disable-signer-uid is not used.

 * gpg: Allow unattended deletion of a secret key.

 * gpg: Allow export of non-passphrase protected secret keys.

 * gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS.

 * gpg: Change status line TOFU_STATS_LONG to use '~' as
   a non-breaking-space character.

 * gpg: Speedup key listings in Tofu mode.

 * gpg: Make sure that the current and total values of a PROGRESS
   status line are small enough.

 * gpgsm: Allow the use of AES192 and SERPENT ciphers.

 * dirmngr: Adjust WKD lookup to current specs.

 * dirmngr: Fallback to LDAP v3 if v2 is not supported.

 * gpgconf: New commands --create-socketdir and --remove-socketdir,
   new option --homedir.

 * If a /run/user/$UID directory exists, that directory is now used
   for IPC sockets instead of the GNUPGHOME directory.  This fixes
   problems with NFS and too long socket names and thus avoids the
   need for redirection files.

 * The Speedo build system now uses the new versions.gnupg.org server
   to retrieve the default package versions.

 * Fix detection of libusb on FreeBSD.

 * Speedup fd closing after a fork.

 See-also: gnupg-announce/2016q2/000390.html

Noteworthy changes in version 2.1.12 (2016-05-04)
-------------------------------------------------

 * gpg: New --edit-key sub-command "change-usage" for testing
   purposes.

 * gpg: Out of order key-signatures are now systematically detected
   and fixed by --edit-key.

 * gpg: Improved detection of non-armored messages.

 * gpg: Removed the extra prompt needed to create Curve25519 keys.

 * gpg: Improved user ID selection for --quick-sign-key.

 * gpg: Use the root CAs provided by the system with --fetch-key.

 * gpg: Add support for the experimental Web Key Directory key
   location service.

 * gpg: Improve formatting of Tofu messages and emit new Tofu specific
   status lines.

 * gpgsm: Add option --pinentry-mode to support a loopback pinentry.

 * gpgsm: A new pubring.kbx is now created with the header blob so
   that gpg can detect that the keybox format needs to be used.

 * agent: Add read support for the new private key protection format
   openpgp-s2k-ocb-aes.

 * agent: Add read support for the new extended private key format.

 * agent: Default to --allow-loopback-pinentry and add option
   --no-allow-loopback-pinentry.

 * scd: Changed to use the new libusb 1.0 API for the internal CCID
   driver.

 * dirmngr: The dirmngr-client does now auto-detect the PEM format.

 * g13: Add experimental support for dm-crypt.

 * w32: Tofu support is now available with the Speedo build method.

 * w32: Removed the need for libiconv.dll.

 * The man pages for gpg and gpgv are now installed under the correct
   name (gpg2 or gpg - depending on a configure option).

 * Lots of internal cleanups and bug fixes.

 See-also: gnupg-announce/2016q2/000387.html

Noteworthy changes in version 2.1.11 (2016-01-26)
-------------------------------------------------

 * gpg: New command --export-ssh-key to replace the gpgkey2ssh tool.

 * gpg: Allow to generate mail address only keys with --gen-key.

 * gpg: "--list-options show-usage" is now the default.

 * gpg: Make lookup of DNS CERT records holding an URL work.

 * gpg: Emit PROGRESS status lines during key generation.

 * gpg: Don't check for ambiguous or non-matching key specification in
   the config file or given to --encrypt-to.  This feature will return
   in 2.3.x.

 * gpg: Lock keybox files while updating them.

 * gpg: Solve rare error on Windows during keyring and Keybox updates.

 * gpg: Fix possible keyring corruption. (bug#2193)

 * gpg: Fix regression of "bkuptocard" sub-command in --edit-key and
   remove "checkbkupkey" sub-command introduced with 2.1.  (bug#2169)

 * gpg: Fix internal error in gpgv when using default keyid-format.

 * gpg: Fix --auto-key-retrieve to work with dirmngr.conf configured
   keyservers. (bug#2147).

 * agent: New option --pinentry-timeout.

 * scd: Improve unplugging of USB readers under Windows.

 * scd: Fix regression for generating RSA keys on card.

 * dirmngr: All configured keyservers are now searched.

 * dirmngr: Install CA certificate for hkps.pool.sks-keyservers.net.
   Use this certificate even if --hkp-cacert is not used.

 * gpgtar: Add actual encryption code.  gpgtar does now fully replace
   gpg-zip.

 * gpgtar: Fix filename encoding problem on Windows.

 * Print a warning if a GnuPG component is using an older version of
   gpg-agent, dirmngr, or scdaemon.

 See-also: gnupg-announce/2016q1/000383.html

Noteworthy changes in version 2.1.10 (2015-12-04)
-------------------------------------------------

 * gpg: New trust models "tofu" and "tofu+pgp".

 * gpg: New command --tofu-policy.  New options --tofu-default-policy
   and --tofu-db-format.

 * gpg: New option --weak-digest to specify hash algorithms which
   should be considered weak.

 * gpg: Allow the use of multiple --default-key options; take the last
   available key.

 * gpg: New option --encrypt-to-default-key.

 * gpg: New option --unwrap to only strip the encryption layer.

 * gpg: New option --only-sign-text-ids to exclude photo IDs from key
   signing.

 * gpg: Check for ambiguous or non-matching key specification in the
   config file or given to --encrypt-to.

 * gpg: Show the used card reader with --card-status.

 * gpg: Print export statistics and an EXPORTED status line.

 * gpg: Allow selecting subkeys by keyid in --edit-key.

 * gpg: Allow updating the expiration time of multiple subkeys at
   once.

 * dirmngr: New option --use-tor.  For full support this requires
   libassuan version 2.4.2 and a patched version of libadns
   (e.g. adns-1.4-g10-7 as used by the standard Windows installer).

 * dirmngr: New option --nameserver to specify the nameserver used in
   Tor mode.

 * dirmngr: Keyservers may again be specified by IP address.

 * dirmngr: Fixed problems in resolving keyserver pools.

 * dirmngr: Fixed handling of premature termination of TLS streams so
   that large numbers of keys can be refreshed via hkps.

 * gpg: Fixed a regression in --locate-key [since 2.1.9].

 * gpg: Fixed another bug for keyrings with legacy keys.

 * gpgsm: Allow combinations of usage flags in --gen-key.

 * Make tilde expansion work with most options.

 * Many other cleanups and bug fixes.

 See-also: gnupg-announce/2015q4/000381.html

Noteworthy changes in version 2.1.9 (2015-10-09)
------------------------------------------------

 * gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate).  New
   option --print-dane-records.  [Update: --print-dane-records replaced
   in 2.1.4.]

 * gpg: Fix for a problem with PGP-2 keys in a keyring.

 * gpg: Fail with an error instead of a warning if a modern cipher
   algorithm is used without a MDC.

 * agent: New option --pinentry-invisible-char.

 * agent: Always do a RSA signature verification after creation.

 * agent: Fix a regression in ssh-add-ing Ed25519 keys.

 * agent: Fix ssh fingerprint computation for nistp384 and EdDSA.

 * agent: Fix crash during passphrase entry on some platforms.

 * scd: Change timeout to fix problems with some 2.1 cards.

 * dirmngr: Displayed name is now Key Acquirer.

 * dirmngr: Add option --keyserver.  Deprecate that option for gpg.
   Install a dirmngr.conf file from a skeleton for new installations.

 See-also: gnupg-announce/2015q4/000380.html

Noteworthy changes in version 2.1.8 (2015-09-10)
------------------------------------------------

 * gpg: Sending very large keys to the keyservers works again.

 * gpg: Validity strings in key listings are now again translatable.

 * gpg: Emit FAILURE status lines to help GPGME.

 * gpg: Does not anymore link to Libksba to reduce dependencies.

 * gpgsm: Export of secret keys via Assuan is now possible.

 * agent: Raise the maximum passphrase length from 100 to 255 bytes.

 * agent: Fix regression using EdDSA keys with ssh.

 * Does not anymore use a build timestamp by default.

 * The fallback encoding for broken locale settings changed
   from Latin-1 to UTF-8.

 * Many code cleanups and improved internal documentation.

 * Various minor bug fixes.

 See-also: gnupg-announce/2015q3/000379.html

Noteworthy changes in version 2.1.7 (2015-08-11)
------------------------------------------------

 * gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used.

 * gpg: In the --edit-key menu: Removed the need for "toggle", changed
   how secret keys are indicated, new commands "fpr *" and "grip".

 * gpg: More fixes related to legacy keys in a keyring.

 * gpgv: Does now also work with a "trustedkeys.kbx" file.

 * scd: Support some features from the OpenPGP card 3.0 specs.

 * scd: Improved ECC support

 * agent: New option --force for the DELETE_KEY command.

 * w32: Look for the Pinentry at more places.

 * Dropped deprecated gpgsm-gencert.sh

 * Various other bug fixes.

 See-also: gnupg-announce/2015q3/000371.html

Noteworthy changes in version 2.1.6 (2015-07-01)
------------------------------------------------

 * agent: New option --verify for the PASSWD command.

 * gpgsm: Add command option "offline" as an alternative to
   --disable-dirmngr.

 * gpg: Do not prompt multiple times for a password in pinentry
   loopback mode.

 * Allow the use of debug category names with --debug.

 * Using gpg-agent and gpg/gpgsm with different locales will now show
   the correct translations in Pinentry.

 * gpg: Improve speed of --list-sigs and --check-sigs.

 * gpg: Make --list-options show-sig-subpackets work again.

 * gpg: Fix an export problem for old keyrings with PGP-2 keys.

 * scd: Support PIN-pads on more readers.

 * dirmngr: Properly cleanup zombie LDAP helper processes and avoid
   hangs on dirmngr shutdown.

 * Various other bug fixes.

 See-also: gnupg-announce/2015q3/000370.html

Noteworthy changes in version 2.1.5 (2015-06-11)
------------------------------------------------

 * Support for an external passphrase cache.

 * Support for the forthcoming version 3 OpenPGP smartcard.

 * Manuals now show the actual used file names.

 * Prepared for improved integration with Emacs.

 * Code cleanups and minor bug fixes.

 See-also: gnupg-announce/2015q2/000369.html

Noteworthy changes in version 2.1.4 (2015-05-12)
------------------------------------------------

 * gpg: Add command --quick-adduid to non-interactively add a new user
   id to an existing key.

 * gpg: Do not enable honor-keyserver-url by default.  Make it work if
   enabled.

 * gpg: Display the serial number in the --card-status output again.

 * agent: Support for external password managers.
   Add option --no-allow-external-cache.

 * scdaemon: Improved handling of extended APDUs.

 * Make HTTP proxies work again.

 * All network access including DNS has been moved to Dirmngr.

 * Allow building without LDAP support.

 * Fixed lots of smaller bugs.

 See-also: gnupg-announce/2015q2/000366.html

Noteworthy changes in version 2.1.3 (2015-04-11)
------------------------------------------------

 * gpg: LDAP keyservers are now supported by 2.1.

 * gpg: New option --with-icao-spelling.

 * gpg: New option --print-pka-records.  Changed the PKA method to use
   CERT records and hashed names.  [Update: --print-pka-records
   replaced in 2.1.14.]

 * gpg: New command --list-gcrypt-config.  New parameter "curve"
   for --list-config.

 * gpg: Print a NEWSIG status line like gpgsm always did.

 * gpg: Print MPI values with --list-packets and --verbose.

 * gpg: Write correct MPI lengths with ECC keys.

 * gpg: Skip legacy PGP-2 keys while searching.

 * gpg: Improved searching for mail addresses when using a keybox.

 * gpgsm: Changed default algos to AES-128 and SHA-256.

 * gpgtar: Fixed extracting files with sizes of a multiple of 512.

 * dirmngr: Fixed SNI handling for hkps pools.

 * dirmngr: extra-certs and trusted-certs are now always loaded from
   the sysconfig dir instead of the homedir.

 * Fixed possible problems due to compiler optimization, two minor
   regressions, and other bugs.

 See-also: gnupg-announce/2015q2/000365.html

Noteworthy changes in version 2.1.2 (2015-02-11)
------------------------------------------------

 * gpg: The parameter 'Passphrase' for batch key generation works
   again.

 * gpg: Using a passphrase option in batch mode now has the expected
   effect on --quick-gen-key.

 * gpg: Improved reporting of unsupported PGP-2 keys.

 * gpg: Added support for algo names when generating keys using
   --command-fd.

 * gpg: Fixed DoS based on bogus and overlong key packets.

 * agent: When setting --default-cache-ttl the value
   for --max-cache-ttl is adjusted to be not lower than the former.

 * agent: Fixed problems with the new --extra-socket.

 * agent: Made --allow-loopback-pinentry changeable with gpgconf.

 * agent: Fixed importing of unprotected openpgp keys.

 * agent: Now tries to use a fallback pinentry if the standard
   pinentry is not installed.

 * scd: Added support for ECDH.

 * Fixed several bugs related to bogus keyrings and improved some
   other code.

 See-also: gnupg-announce/2015q1/000361.html

Noteworthy changes in version 2.1.1 (2014-12-16)
------------------------------------------------

 * gpg: Detect faulty use of --verify on detached signatures.

 * gpg: New import option "keep-ownertrust".

 * gpg: New sub-command "factory-reset" for --card-edit.

 * gpg: A stub key for smartcards is now created by --card-status.

 * gpg: Fixed regression in --refresh-keys.

 * gpg: Fixed regression in %g and %p codes for --sig-notation.

 * gpg: Fixed best matching hash algo detection for ECDSA and EdDSA.

 * gpg: Improved perceived speed of secret key listings.

 * gpg: Print number of skipped PGP-2 keys on import.

 * gpg: Removed the option aliases --throw-keyid and --notation-data;
   use --throw-keyids and --set-notation instead.

 * gpg: New import option "keep-ownertrust".

 * gpg: Skip too large keys during import.

 * gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or
   dirmngr.

 * gpg-agent: New option --extra-socket to provide a restricted
   command set for use with remote clients.

 * gpgconf --kill does not anymore start a service only to kill it.

 * gpg-connect-agent: Add convenience option --uiserver.

 * Fixed keyserver access for Windows.

 * Fixed build problems on Mac OS X

 * The Windows installer does now install development files

 * More translations (but most of them are not complete).

 * To support remotely mounted home directories, the IPC sockets may
   now be redirected.  This feature requires Libassuan 2.2.0.

 * Improved portability and the usual bunch of bug fixes.

 See-also: gnupg-announce/2014q4/000360.html

Noteworthy changes in version 2.1.0 (2014-11-06)
------------------------------------------------

 This release introduces a lot of changes.  Most of them are internal
 and thus not user visible.  However, some long standing behavior has
 slightly changed and it is strongly suggested that an existing
 "~/.gnupg" directory is backed up before this version is used.

 A verbose description of the major new features and changes can be
 found in the file doc/whats-new-in-2.1.txt.

 * gpg: All support for v3 (PGP 2) keys has been dropped.  All
   signatures are now created as v4 signatures.  v3 keys will be
   removed from the keyring.

 * gpg: With pinentry-0.9.0 the passphrase "enter again" prompt shows
   up in the same window as the "new passphrase" prompt.

 * gpg: Allow importing keys with duplicated long key ids.

 * dirmngr: May now be built without support for LDAP.

 * For a complete list of changes see the lists of changes for the
   2.1.0 beta versions below.  Note that all relevant fixes from
   versions 2.0.14 to 2.0.26 are also applied to this version.


 [Noteworthy changes in version 2.1.0-beta864 (2014-10-03)]

 * gpg: Removed the GPG_AGENT_INFO related code.  GnuPG does now
   always use a fixed socket name in its home directory.

 * gpg: Renamed --gen-key to --full-gen-key and re-added a --gen-key
   command with fewer choices.

 * gpg: Use SHA-256 for all signature types also on RSA keys.

 * gpg: Default keyring is now created with a .kbx suffix.

 * gpg: Add a shortcut to the key capabilities menu (e.g. "=e" sets the
   encryption capabilities).

 * gpg: Fixed obsolete options parsing.

 * Further improvements for the alternative speedo build system.

 [Noteworthy changes in version 2.1.0-beta834 (2014-09-18)]

 * gpg: Improved passphrase caching.

 * gpg: Switched to algorithm number 22 for EdDSA.

 * gpg: Removed CAST5 from the default preferences.

 * gpg: Order SHA-1 last in the hash preferences.

 * gpg: Changed default cipher for --symmetric to AES-128.

 * gpg: Fixed export of ECC keys and import of EdDSA keys.

 * dirmngr: Fixed the KS_FETCH command.

 * The speedo build system now downloads related packages and works
   for non-Windows platforms.

 [Noteworthy changes in version 2.1.0-beta783 (2014-08-14)]

 * gpg: Add command --quick-gen-key.

 * gpg: Make --quick-sign-key promote local key signatures.

 * gpg: Added "show-usage" sub-option to --list-options.

 * gpg: Screen keyserver responses to avoid importing unwanted keys
   from rogue servers.

 * gpg: Removed the option --pgp2 and --rfc1991 and the ability to
   create PGP-2 compatible messages.

 * gpg: Removed options --compress-keys and --compress-sigs.

 * gpg: Cap attribute packets at 16MB.

 * gpg: Improved output of --list-packets.

 * gpg: Make with-colons output of --search-keys work again.

 * gpgsm: Auto-create the ".gnupg" directory like gpg does.

 * agent: Fold new passphrase warning prompts into one.

 * scdaemon: Add support for the Smartcard-HSM card.

 * scdaemon: Remove the use of the pcsc-wrapper.


 [Noteworthy changes in version 2.1.0-beta751 (2014-07-03)]

 * gpg: Create revocation certificates during key generation.

 * gpg: Create exported secret keys and revocation certificates with
   mode 0700.

 * gpg: The validity of user ids is now shown by default.  To revert
   this add "list-options no-show-uid-validity" to gpg.conf.

 * gpg: Make export of secret keys work again.

 * gpg: The output of --list-packets does now print the offset of the
   packet and information about the packet header.

 * gpg: Avoid DoS due to garbled compressed data packets. [CVE-2014-4617]

 * gpg: Print more specific reason codes with the INV_RECP status.

 * gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended
   key generation.

 * scdaemon: Support reader Gemalto IDBridge CT30 and pinpad of SCT
   cyberJack go.

 * The speedo build system has been improved.  It is now also possible
   to build a partly working installer for Windows.


 [Noteworthy changes in version 2.1.0-beta442 (2014-06-05)]

 * gpg: Changed the format of key listings.  To revert to the old
   format the option --legacy-list-mode is available.

 * gpg: Add experimental signature support using curve Ed25519 and
   with a patched Libgcrypt also encryption support with Curve25519.
   [Update: this encryption support has been removed from 2.1.0 until
   we have agreed on a suitable format.]

 * gpg: Allow use of Brainpool curves.

 * gpg: Accepts a space separated fingerprint as user ID.  This
   allows copying and pasting the fingerprint from the key listing.

 * gpg: The hash algorithm is now printed for signature records in key
   listings.

 * gpg: Reject signatures made using the MD5 hash algorithm unless the
   new option --allow-weak-digest-algos or --pgp2 is given.

 * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
   communication with the gpg-agent.

 * gpg: New option --pinentry-mode.

 * gpg: Fixed decryption using an OpenPGP card.

 * gpg: Fixed bug with deeply nested compressed packets.

 * gpg: Only the major version number is by default included in the
   armored output.

 * gpg: Do not create a trustdb file if --trust-model=always is used.

 * gpg: Protect against rogue keyservers sending secret keys.

 * gpg: The format of the fallback key listing ("gpg KEYFILE") is now
   more aligned to the regular key listing ("gpg -k").

 * gpg: The option --show-session-key prints its output now before the
   decryption of the bulk message starts.

 * gpg: New %U expando for the photo viewer.

 * gpg,gpgsm: New option --with-secret.

 * gpgsm: By default the users are now asked via the Pinentry whether
   they trust an X.509 root key.  To prohibit interactive marking of
   such keys, the new option --no-allow-mark-trusted may be used.

 * gpgsm: New commands to export a secret RSA key in PKCS#1 or PKCS#8
   format.

 * gpgsm: Improved handling of re-issued CA certificates.

 * agent: The included ssh agent does now support ECDSA keys.

 * agent: New option --enable-putty-support to allow gpg-agent on
   Windows to act as a Pageant replacement with full smartcard support.

 * scdaemon: New option --enable-pinpad-varlen.

 * scdaemon: Various fixes for pinpad equipped card readers.

 * scdaemon: Rename option --disable-pinpad (was --disable-keypad).

 * scdaemon: Better support for CCID readers.  The internal CCID
   driver now supports readers with no auto configuration feature.

 * dirmngr: Removed support for the original HKP keyserver which is
   no longer used by any site.

 * dirmngr: Improved support for keyserver pools.

 * tools: New option --dirmngr for gpg-connect-agent.

 * The GNU Pth library has been replaced by the new nPth library.

 * Support installation as portable application under Windows.

 * All kinds of other improvements - see the git log.


 [Noteworthy changes in version 2.1.0beta3 (2011-12-20)]

 * gpg: Fixed regression in the secret key export function.

 * gpg: Allow generation of card keys up to 4096 bit.

 * gpgsm: Preliminary support for the validation model "steed".

 * gpgsm: Improved certificate creation.

 * agent: Support the SSH confirm flag.

 * agent: New option to select a passphrase mode.  The loopback
   mode may be used to bypass Pinentry.

 * agent: The Assuan commands KILLAGENT and KILLSCD are working again.

 * scdaemon: No longer blocks after changing a card (regression
   fix).

 * tools: gpg-connect-agent does now properly display the help output
   for "SCD HELP" commands.


 [Noteworthy changes in version 2.1.0beta2 (2011-03-08)]

 * gpg: ECC support as described by draft-jivsov-openpgp-ecc-06.txt
   [Update: now known as RFC-6637].

 * gpg: Print "AES128" instead of "AES".  This change introduces a
   little incompatibility for tools using "gpg --list-config".  We
   hope that these tools are written robust enough to accept this new
   algorithm name as well.

 * gpgsm: New feature to create certificates from a parameter file.
   Add prompt to the --gen-key UI to create self-signed certificates.

 * agent: TMPDIR is now also honored when creating a socket using
   the --no-standard-socket option and with symcryptrun's temp files.

 * scdaemon: Fixed a bug where scdaemon sends a signal to gpg-agent
   running in non-daemon mode.

 * dirmngr: Fixed CRL loading under W32 (bug#1010).

 * Dirmngr has taken over the function of the keyserver helpers.  Thus
   we now have a specified direct interface to keyservers via Dirmngr.
   LDAP, DNS and mail backends are not yet implemented.

 * Fixed TTY management for pinentries and session variable update
   problem.


 [Noteworthy changes in version 2.1.0beta1 (2010-10-26)]

 * gpg: secring.gpg is no longer used but all secret key operations
   are delegated to gpg-agent.  The import command moves secret keys
   to the agent.

 * gpg: The OpenPGP import command is now able to merge secret keys.

 * gpg: Encrypted OpenPGP messages with trailing data (e.g. other
   OpenPGP packets) are now correctly parsed.

 * gpg: Given sufficient permissions Dirmngr is started automagically.

 * gpg: Fixed output of "gpgconf --check-options".

 * gpg: Removed options --export-options(export-secret-subkey-passwd)
   and --simple-sk-checksum.

 * gpg: New option --try-secret-key.

 * gpg: Support DNS lookups for SRV, PKA and CERT on W32.

 * gpgsm: The --audit-log feature is now more complete.

 * gpgsm: The default for --include-cert is now to include all
   certificates in the chain except for the root certificate.

 * gpgsm: New option --ignore-cert-extension.

 * g13: The G13 tool for disk encryption key management has been
   added.

 * agent: If the agent's --use-standard-socket option is active, all
   tools try to start and daemonize the agent on the fly.  In the past
   this was only supported on W32; on non-W32 systems the new
   configure option --disable-standard-socket may now be used to
   disable this new default.

 * agent: New and changed passphrases are now created with an
   iteration count requiring about 100ms of CPU work.

 * dirmngr: Dirmngr is now a part of this package.  It is now also
   expected to run as a system service and the configuration
   directories are changed to the GnuPG name space. [Update: 2.1.0
   starts dirmngr on demand as user daemon.]

 * Support for Windows CE. [Update: This has not been tested for the
   2.1.0 release]

 * Numerical values may now be used as an alternative to the
   debug-level keywords.

 See-also: gnupg-announce/2014q4/000358.html


Version 2.0.28 (2015-06-02)
Version 2.0.27 (2015-02-18)
Version 2.0.26 (2014-08-12)
Version 2.0.25 (2014-06-30)
Version 2.0.24 (2014-06-24)
Version 2.0.23 (2014-06-03)
Version 2.0.22 (2013-10-04)
Version 2.0.21 (2013-08-19)
Version 2.0.20 (2013-05-10)
Version 2.0.19 (2012-03-27)
Version 2.0.18 (2011-08-04)
Version 2.0.17 (2011-01-13)
Version 2.0.16 (2010-07-19)
Version 2.0.15 (2010-03-09)
Version 2.0.14 (2009-12-21)


Noteworthy changes in version 2.0.13 (2009-09-04)
-------------------------------------------------

 * GPG now generates 2048 bit RSA keys by default.  The default hash
   algorithm preferences have changed to prefer SHA-256 over SHA-1.
   2048 bit DSA keys are now generated to use a 256 bit hash algorithm.

 * The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now
   passed to the Pinentry to make SCIM work.

 * The GPGSM command --gen-key features a --batch mode and implements
   all features of gpgsm-gencert.sh in standard mode.

 * New option --re-import for GPGSM's IMPORT server command.

 * Enhanced writing of existing keys to OpenPGP v2 cards.

 * Add hack to the internal CCID driver to allow the use of some
   Omnikey based card readers with 2048 bit keys.

 * GPG now repeatedly asks the user to insert the requested OpenPGP
   card.  This can be disabled with --limit-card-insert-tries=1.

 * Minor bug fixes.

 See-also: gnupg-announce/2009q3/000294.html


Noteworthy changes in version 2.0.12 (2009-06-17)
-------------------------------------------------

 * GPGSM now always lists ephemeral certificates if specified by
   fingerprint or keygrip.

 * New command "KEYINFO" for GPG_AGENT.  GPGSM now also returns
   information about smartcards.

 * Made sure not to leak file descriptors if running gpg-agent with a
   command.  Restore the signal mask to solve a problem in Mono.

 * Changed order of the confirmation questions for root certificates
   and store negative answers in trustlist.txt.