2016-03-31  Werner Koch  <wk@gnupg.org>

	Release 2.0.30.

2016-03-31  Ineiev  <ineiev@gnu.org>

	doc: Update help.ru.text.

2016-03-31  Werner Koch  <wk@gnupg.org>

	build: Create *.swdb file during make distcheck.
	* Makefile.am (distcheck-hook): New.

	gpg: Silence trustdb messages with --quiet.
	* g10/trustdb.c (validate_keys): Silence messages

2016-03-02  Justus Winter  <justus@g10code.com>

	agent: Do not remove the ssh socket.
	* agent/gpg-agent.c (create_server_socket): Also inhibit the removal
	of the ssh socket if another agent process is already running.

	GnuPG modern is not affected.

	GnuPG-bug-id: 2258

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Make sure to have the directory for trustdb.
	* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
	the directory and create it if none before calling take_write_lock.

2016-01-15  Werner Koch  <wk@gnupg.org>

	common: Cope with AIX problem on number of open files.
	* common/exechelp.c: Limit returned value for too high values.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix to support git worktree.
	* Makefile.am: Use -e for testing .git.

2015-12-15  NIIBE Yutaka  <gniibe@fsij.org>

	sm: Handle gcry_pk_encrypt return value.
	* sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt.

	scd: Fix commit 9a9bfd77.
	* scd/app.c (check_application_conflict): Get SLOT.

2015-12-15  Daniel Hoffend  <dh@dotlan.net>

	scd: Fix removal of unplugged usb readers on Windows.
	* scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
	PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.

2015-12-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Simplify saving application context.
	* scd/app.c (lock_table): Remove LAST_APP field.
	(lock_reader, app_dump_state, application_notify_card_reset)
	(release_application): Follow the change.
	(check_conflict): New.
	(check_application_conflict): Lock the slot and call check_conflict.
	(select_application): Call check_conflict and not use LAST_APP.

	scd: Fix "Conflicting usage" bug.
	* scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
	  got an error from apdu_disconnect.
	* scd/app-common.h (no_reuse): Remove.
	* scd/app.c (application_notify_card_reset): Deallocate APP here.
	(select_application, release_application): Don't use NO_REUSE.

2015-10-29  NIIBE Yutaka  <gniibe@fsij.org>

	doc: Don't install gpg-zip.1.
	* doc/Makefile.am (myman_pages): Remove gpg-zip.1.
	(DISTCLEANFILES): Add gpg-zip.1.

2015-10-05  Werner Koch  <wk@gnupg.org>

	agent: Fix alignment problem with the second passphrase struct.
	* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
	PI2.  Check return value of the malloc function.
	* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
	for PI2.  Wipe PI2.

2015-10-01  Werner Koch  <wk@gnupg.org>

	gpg: Silence a compiler warning.
	* g10/parse-packet.c (enum_sig_subpkt): Replace hack.

2015-09-29  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Improve 'General key info' line of --card-status.
	* g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".

2015-09-22  Werner Koch  <wk@gnupg.org>

	ssh: Fix fingerprint computation for 384 bit ECDSA keys.
	* common/ssh-utils.c (get_fingerprint): Fix hashed string.

2015-09-17  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.

	scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
	* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
	(ccid_transceive_apdu_level, ccid_transceive): Use.

2015-09-15  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.

2015-09-10  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese Translation.

	gpgconf: Fix scdaemon reload.
	* tools/gpgconf-comp.c (scdaemon_runtime_change): Add "scd bye".

2015-09-08  Werner Koch  <wk@gnupg.org>

	Release 2.0.29.

	gpg: Print a new FAILURE status after most commands.
	* common/status.h (STATUS_FAILURE): New.
	* g10/cpr.c (write_status_failure): New.
	* g10/gpg.c (main): Call write_status_failure for all commands which
	print an error message here.

	gpg: Avoid cluttering stdout with trustdb info in verbose mode.
	* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
	mode.

2015-09-01  Werner Koch  <wk@gnupg.org>

	gpg: Obsolete --no-sig-create-check.
	* g10/gpg.c (opts): Make --no-sig-create-check a NOP.
	* g10/options.h (struct opt): Remove field "no_sig_create_check".
	* g10/sign.c (do_sign): Do not run the create check for Libgcrypt 1.7.

2015-08-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix --card-status creating stub.
	* g10/getkey.c (get_seckeyblock_byfprint): Require exact match.

2015-07-27  Werner Koch  <wk@gnupg.org>

	sm: Revert to use SHA-1 for CSR generation.
	* sm/certreqgen.c (create_request): Revert to use SHA-1 but change to
	set it only at one place.

2015-07-16  Neal H. Walfield  <neal@g10code.com>

	Don't segfault if the first 'auto-key-locate' option is 'clear'.
	* g10/getkey.c (free_akl): If AKL is NULL, just return.

2015-06-23  NIIBE Yutaka  <gniibe@fsij.org>

	scd: pinpad workaround for PC/SC implementations.
	* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
	for TPDU card reader.

	scd: Fix Cherry ST-2000 support for pinpad input.
	* scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
	* scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
	template of APDU.

2015-06-17  Werner Koch  <wk@gnupg.org>

	gpg: Print PGP-2 fingerprint instead of all zeroes.
	* g10/keyid.c (fingerprint_from_pk): Allow PGP-2 fingerprints.
	* g10/keylist.c (print_fingerprint): Print a warning after a PGP-2
	fingerprint.

2015-06-16  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese Translation.

2015-06-15  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	* g10/tdbio.c (take_write_lock, release_write_lock): New.
	(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
	new lock functions.
	(tdbio_set_dbname): Fix the race.
	(open_db): Don't call create_dotlock.

	po: Update Japanese translation.

2015-06-02  Werner Koch  <wk@gnupg.org>

	gpg: Consider that gcry_mpi_get_opaque may return NULL.
	* g10/seckey-cert.c (do_check): Handle a NULL opaque MPI.

2015-06-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Fix segv due to NULL value stored as opaque MPI (BRANCH 2.0)
	* g10/build-packet.c (do_secret_key): Check for NULL return from
	gcry_mpi_get_opaque.
	* g10/keyid.c (hash_public_key): Ditto.

2015-06-02  Werner Koch  <wk@gnupg.org>

	Release 2.0.28.

	agent: Make --allow-external-password-cache work.
	* agent/call-pinentry.c (start_pinentry): Remove first instance of
	sending the option.

	agent: Add strings for use by future Pinentry versions.
	* agent/call-pinentry.c (start_pinentry): Add more strings.

2015-05-20  Werner Koch  <wk@gnupg.org>

	agent: Cleanup caching code for command GET_PASSPHRASE.
	* agent/command.c (cmd_get_passphrase): Read from the user cache.

2015-05-19  Neal H. Walfield  <neal@gnu.org>

	agent: Backport changes from 2.1 to support an external password manager.
	* agent/agent.h (agent_askpin): Add arguments keyinfo and cache_mode.
	Update callers.
	(agent_get_passphrase): Likewise.
	(agent_clear_passphrase): New function.
	(opt): Add field allow_external_cache.
	* agent/call-pinentry.c (start_pinentry): Send "OPTION
	allow-external-password-cache" to the pinentry.
	(PINENTRY_STATUS_PASSWORD_FROM_CACHE): New constant.
	(pinentry_status_cb): New function.
	(agent_askpin): Add arguments keyinfo and cache_mode.  If KEYINFO and
	CACHE_MODE describe a cachable key, then send SETKEYINFO to the
	pinentry.  Pass PINENTRY_STATUS_CB to the "GETPIN" invocation.  If the
	passphrase was incorrect and PINENTRY_STATUS_PASSWORD_FROM_CACHE is
	set, decrement PININFO->FAILED_TRIES.
	(agent_get_passphrase): Add arguments keyinfo and cache_mode.  If
	KEYINFO and CACHE_MODE describe a cachable key, then send SETKEYINFO
	to the pinentry.
	(agent_clear_passphrase): New function.
	* agent/call-pinentry.c (start_pinentry): Act upon new var,
	allow_external_cache.
	* agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.
	* agent/gpg-agent.c (oNoAllowExternalCache): New.
	(opts): Add option --no-allow-external-cache.
	(parse_rereadable_options): Set this option.

2015-05-19  NIIBE Yutaka  <gniibe@fsij.org>

	g10: detects public key encryption packet error properly.
	* g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
	encryption.

	g10: Improve handling of no corresponding public key.
	* g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not
	exact match.

2015-05-11  Werner Koch  <wk@gnupg.org>

	gpg-connect-agent: Fix quoting of internal percent+ function.
	* tools/gpg-connect-agent.c (get_var_ext) <percent, percent+>: Also
	escape '+'.

2015-05-01  NIIBE Yutaka  <gniibe@fsij.org>

	scd: PC/SC reader selection by partial string match.
	* scd/apdu.c (open_pcsc_reader_direct): Partial string match.
	* scd/pcsc-wrapper.c (handle_open): Likewise.

2015-04-30  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix cmp_public_key and cmp_secret_keys.
	* g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
	data at the first entry of the array when it's unknown algo.
	* configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.5.0.

2015-04-16  Werner Koch  <wk@gnupg.org>

	gpg: Emit status line NEWSIG before signature verification starts.
	* g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG.

2015-04-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: better handling of extended APDU.
	* scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0.
	* scd/app-common.h (struct app_ctx_s): Use bit fields for flags.
	* scd/ccid-driver.c (CCID_MAX_BUF): New.  Only for OpenPGPcard.
	(struct ccid_driver_s): New field of max_ccid_msglen.
	 Remove ifsd field.
	(parse_ccid_descriptor): Initialize max_ccid_msglen.
	(ccid_transceive_apdu_level): Implement sending extended APDU in
	chain of CCID message.

2015-04-15  Werner Koch  <wk@gnupg.org>

	gpgparsemail: Fix last commit (3f2bdac)
	* tools/rfc822parse.c (parse_field): Replace break by goto.

	gpgparsemail: Fix case of zero length continuation lines.
	* tools/rfc822parse.c (parse_field): Loop after continuation line.

	agent: Fix length test in sshcontrol parser.
	* agent/command-ssh.c (ssh_search_control_file): Check S before
	upcasing it.

	scd: Fix possible NULL deref in apdu.c.
	* scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
	(control_pcsc_wrapped): Ditto.

2015-04-15  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.

2015-04-05  Werner Koch  <wk@gnupg.org>

	gpg: Fix DoS while parsing mangled secret key packets.
	* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
	et al.

2015-03-25  Werner Koch  <wk@gnupg.org>

	sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).
	* sm/certreqgen.c (create_request): Change default hash algo.
	* sm/gpgsm.c (main): Change default bulk cipher algo.

2015-03-17  Andre Heinecke  <aheinecke@intevation.de>

	gpgtar: Fix extracting files with !(size % 512)
	* tools/gpgtar-extract.c (extract_regular): Handle size multiples
	  of RECORDSIZE.

2015-03-11  Werner Koch  <wk@gnupg.org>

	common: Check option arguments for a valid range.
	* common/argparse.h (ARGPARSE_INVALID_ARG): New.
	* common/argparse.c: Include limits.h and errno.h.
	(initialize): Add error strings for new error constant.
	(set_opt_arg): Add range checking.

	gpg: New command --list-gcrypt-config.
	* g10/gpg.c (aListGcryptConfig): New.
	(main): Implement command.

2015-02-26  Werner Koch  <wk@gnupg.org>

	gpg: Remove left-over debug message.
	* g10/armor.c (check_input): Remove log_debug.

2015-02-18  Werner Koch  <wk@gnupg.org>

	Release 2.0.27.

	gpg: Remove an unused variable.
	* g10/import.c (import): Remove need_armor.

	po: Update German translation.

2015-02-18  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	curl-shim: clean up varargs.
	* keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is
	  called.

2015-02-18  Werner Koch  <wk@gnupg.org>

	gpg: Print better diagnostics for keyserver operations.
	* g10/armor.c (parse_key_failed_line): New.
	(check_input): Watch out for gpgkeys_ error lines.
	* g10/filter.h (armor_filter_context_t): Add field key_failed_code.
	* g10/import.c (import): Add arg r_gpgkeys_err.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_errstr): New.
	(keyserver_spawn): Detect "KEY " lines while sending.  Get gpgkeys_err
	while receiving keys.
	(keyserver_work): Add kludge for better error messages.

2015-02-13  Werner Koch  <wk@gnupg.org>

	keyserver: Show log prefix when not built with cURL.
	* keyserver/ksutil.c (init_ks_options) [!HAVE_LIBCURL]: Set logging
	prefix.

2015-02-12  Werner Koch  <wk@gnupg.org>

	Use inline functions to convert buffer data to scalars.
	* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
	(buf16_to_ushort, buf16_to_u16): New.
	(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.

	gpg: Prevent an invalid memory read using a garbled keyring.
	* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
	types.

	gpg: Fix a NULL-deref in export due to invalid packet lengths.
	* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
	opaque MPI.

	gpg: Fix a NULL-deref due to empty ring trust packets.
	* g10/parse-packet.c (parse_trust): Always allocate a packet.

2015-02-12  Joshua Rogers  <git@internot.info>

	kbx: Fix resource leak.
	* kbx/keybox-update.c (blob_filecopy): Fix resource leak.  On error
	return, 'fp' and 'newfp' were never closed.

2015-02-12  Werner Koch  <wk@gnupg.org>

	gpg: Limit the size of key packets to a sensible value.
	* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
	(MAX_UID_PACKET_LENGTH): New.
	(MAX_COMMENT_PACKET_LENGTH): New.
	(MAX_ATTR_PACKET_LENGTH): New.
	(parse_key): Limit the size of a key packet to 256k.
	(parse_user_id): Use macro for the packet size limit.
	(parse_attribute): Ditto.
	(parse_comment): Ditto.

	Avoid double-close in unusual dotlock situations.
	* jnlib/dotlock.c (create_dotlock): Avoid double close due to EINTR.

2015-01-28  Werner Koch  <wk@gnupg.org>

	gpg: Allow predefined names as answer to the keygen.algo prompt.
	* g10/keygen.c (ask_algo): Add list of strings.

2015-01-26  Werner Koch  <wk@gnupg.org>

	gpg: Print a warning if the subkey expiration may not be what you want.
	* g10/keyedit.c (subkey_expire_warning): New.
	(keyedit_menu): Call it when needed.

	build: Update to gettext 0.19.3.

	build: Require automake 1.14.
	* Makefile.am (AUTOMAKE_OPTIONS): Move to ...
	* configure.ac (AM_INIT_AUTOMAKE): here.  Add option serial-tests.
	* kbx/Makefile.am (INCLUDES): Remove.  Include ../am/cmacros.

2015-01-26  Jedi Lin  <Jedi@Jedi.org>

	po: Yet another update for Chinese (traditional)

2015-01-25  Joshua Rogers  <git@internot.info>

	Remove incorrect expression leading to errors.
	* scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'.

2015-01-23  Werner Koch  <wk@gnupg.org>

	gpgconf: Fix validity check for UINT32 values.
	* tools/gpgconf-comp.c (option_check_validity): Enable check for
	UINT32.

2015-01-13  Joshua Rogers  <git@internot.info>

	tools: Free variable before return.
	* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
	upon error.

2015-01-13  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	sm: Avoid double-free on iconv failure.
	* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
	double-free of pwbuf.

	scd: Avoid double-free on error condition in scd.
	* scd/command.c (cmd_readkey): avoid double-free of cert

	avoid future chance of using uninitialized memory.
	* common/iobuf.c: (iobuf_open): initialize len

	gpgkey2ssh: clean up varargs.
	* tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Fix memory leak in yat2m.
	* doc/yat2m.c (write_th): Free NAME.

	gpgsm: Return NULL on fail.
	* sm/gpgsm.c (parse_keyserver_line): Set SERVER to NULL.

	gpg: Fix possible read of unallocated memory.
	* g10/parse-packet.c (can_handle_critical): Check content length
	before calling can_handle_critical_notation.

2015-01-09  Werner Koch  <wk@gnupg.org>

	scd: Fix possibly inhibited checkpin of the admin pin.
	* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
	buffer.

2015-01-08  Joshua Rogers  <git@internot.info>

	scd: fix get_public_key for OpenPGPcard v1.0.
	* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

2014-12-12  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: release DEK soon after its use.
	* g10/keygen.c (generate_subkeypair): Release DEK soon.

2014-11-26  David Prévot  <taffit@debian.org>

	po: Update French translation.

	po: Update Danish translation.

2014-11-26  Yuri Chornoivan  <yurchor@ukr.net>

	po: Update Ukrainian translation.

2014-11-26  Jedi Lin  <Jedi@Jedi.org>

	po: Update Chinese (traditional) translation.

2014-11-26  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.

2014-11-26  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: New Dutch translation.
	* po/LINGUAS: Add nl.po.

2014-11-24  Werner Koch  <wk@gnupg.org>

	gpg: Fix use of uninit.value in listing sig subpkts.
	* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
	sanitized.

	gpg: Fix off-by-one read in the attribute subpacket parser.
	* g10/parse-packet.c (parse_attribute_subpkts): Check that the
	attribute packet is large enough for the subpacket type.

	gpg: Fix a NULL-deref for invalid input data.
	* g10/mainproc.c (proc_encrypted): Take care of canceled passphrase
	entry.

2014-11-14  Werner Koch  <wk@gnupg.org>

	gpg: Make the use of "--verify FILE" for detached sigs harder.
	* g10/openfile.c (open_sigfile): Factor some code out to ...
	(get_matching_datafile): new function.
	* g10/plaintext.c (hash_datafiles): Do not try to find matching file
	in batch mode.
	* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
	matching data file is not used by a standard signature.

2014-11-12  Werner Koch  <wk@gnupg.org>

	gpg: Add import option "keep-ownertrust".
	* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
	* g10/import.c (parse_import_options): Add "keep-ownertrust".
	(import_one): Act upon new option.

2014-10-11  Werner Koch  <wk@gnupg.org>

	gpg: Show v3 key fingerprints as all zero.
	* g10/keyid.c (fingerprint_from_pk): Show v3 fingerprints as all zero.

	gpg: Avoid using cached MD5 signature status.
	* g10/sig-check.c (check_key_signature2): Avoid using a cached MD5
	signature status.
	* g10/keyring.c (keyring_get_keyblock): Ditto.
	(write_keyblock): Ditto.

	* g10/sig-check.c (do_check): Move reject warning to ...
	* g10/misc.c (print_md5_rejected_note): new.

2014-10-03  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add build and runtime support for larger RSA keys.
	* configure.ac: Added --enable-large-secmem option.
	* g10/options.h: Add opt.flags.large_rsa.
	* g10/gpg.c: Contingent on configure option: adjust secmem size,
	add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
	* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
	* doc/gpg.texi: Document --enable-large-rsa.

2014-10-02  Werner Koch  <wk@gnupg.org>

	build: Update m4 scripts.
	* m4/gpg-error.m4: Update from Libgpg-error git master.
	* m4/libgcrypt.m4: Update from Libgcrypt git master.
	* configure.ac: Declare SYSROOT a precious variable.  Add extra error
	message for library configuration mismatches.

2014-10-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: --compress-sigs and --compress-keys are not no-ops in 2.0.
	* g10/gpg.c: Cleanup argument parsing.

	gpg: Avoid duplicate declaration of {no-,}sk-comments noops.
	* g10/gpg.c: Cleanup argument parsing.

2014-09-27  Werner Koch  <wk@gnupg.org>

	gpg: Default to SHA-256 for all signature types on RSA keys.
	* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
	strict RFC or PGP modes.
	* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
	RSA key signatures.

2014-09-26  Werner Koch  <wk@gnupg.org>

	gpg: Add shortcut for setting key capabilities.
	* g10/keygen.c (ask_key_flags): Add shortcut '='.
	* doc/help.txt (gpg.keygen.flags): New.

2014-09-25  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
	* g10/gpg.c: Add config options that should belong in scdaemon.conf
	* g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.

2014-09-03  Kristian Fiskerstrand  <kf@sumptuouscapital.com>

	gpg: Need to init the trustdb for import.
	* g10/trustdb.c (clear_ownertrusts): Init trustdb.

2014-08-26  Werner Koch  <wk@gnupg.org>

	build: Print an error message if zlib is not installed.
	* configure.ac (missing_zlib): New.

	gpg: Allow for positional parameters in the passphrase prompt.
	* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.

2014-08-12  Werner Koch  <wk@gnupg.org>

	Release 2.0.26.

	sm: Create homedir and lock empty keybox creation.
	* sm/gpgsm.h (opt): Add field "no_homedir_creation".
	* sm/gpgsm.c (main): Set it if --no-options is used.
	* sm/keydb.c: Include fcntl.h.
	(try_make_homedir): New.  Similar to the one from g10/openfile.c
	(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
	(keydb_add_resource): Replace some code by maybe_create_keybox.

2014-08-08  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.

2014-08-06  Werner Koch  <wk@gnupg.org>

	gpg: Fix regression due to the keyserver import filter.
	* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
	to take subpackets into account.
	* g10/import.c (import_one, import_secret_one): Pass keyblock to
	filter.

	gpg: Add kbnode_t for easier backporting.
	* g10/gpg.h (kbnode_t): New.

2014-07-21  Simon Josefsson  <simon@josefsson.org>

	Add OpenPGP card manufacturer Yubico (6).

2014-07-21  Andreas Schwier  <andreas.schwier@cardcontact.de>

	scd: Allow for certificates > 1024 with PC/SC.
	* scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 to
	allow for larger certificates.

2014-07-21  Werner Koch  <wk@gnupg.org>

	gpg: Cap size of attribute packets at 16MB.
	* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
	size of packet.

2014-06-30  Werner Koch  <wk@gnupg.org>

	Release 2.0.25.

	estream: Fix minor glitch in "%.*s" format.
	* common/estream-printf.c (pr_string): Take care of non-nul terminated
	strings.

2014-06-27  Werner Koch  <wk@gnupg.org>

	scd: Support reader Gemalto IDBridge CT30.
	* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
	reader.
	(GEMPC_CT30): New product id.

	gpg: Limit keysize for unattended key generation to useful values.
	* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
	(gen_rsa): Enforce keysize 1024 to 4096.
	(gen_dsa): Enforce keysize 768 to 3072.

2014-06-25  Werner Koch  <wk@gnupg.org>

	agent: Let gpg-protect-tool pass envvars to pinentry.
	* agent/protect-tool.c (opt_session_env): New.
	(main): Pass session environment object to
	gnupg_prepare_get_passphrase.

	gpg: Make screening of keyserver result work with multi-key commands.
	* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
	(keyserver_retrieval_filter): Use new struct and check all
	descriptions.
	(keyserver_spawn): Pass filter arg using the new struct.

2014-06-24  Werner Koch  <wk@gnupg.org>

	Release 2.0.24.

2014-06-24  Kristian Fiskerstrand  <kf@sumptuouscapital.com>

	gpg: Fix a couple of spelling errors.

2014-06-24  Werner Koch  <wk@gnupg.org>

	gpg: Do not link gpgv against libassuan.
	* g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS.

	po: Update de.po.

	common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6.
	* common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if
	defined.

	Remove thread callbacks for libgcrypt >= 1.6.
	* agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with
	libgcrypt >= 1.6.
	(main): Ditto.
	* scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.
	(main): Ditto.

	gpg: Use more specific reason codes for INV_RECP.
	* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
	INV_RECP.

	gpg: Make show-uid-validity the default.

2014-06-24  Stefan Tomanek  <tomanek@internet-sicherheit.de>

	gpg: Screen keyserver responses.
	* g10/main.h (import_filter_t): New.
	* g10/import.c (import): Add filter callbacks to param list.
	(import_one): Ditto.
	(import_secret_one): Ditto.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_retrieval_filter): New.
	(keyserver_spawn): Pass filter to import_keys_stream()

2014-06-24  Werner Koch  <wk@gnupg.org>

	gpg: Allow key-to-card upload for cert-only keys.
	* g10/card-util.c (card_store_subkey): Allow CERT usage for key 0.

2014-06-23  Werner Koch  <wk@gnupg.org>

	ssh: Fix for newer Libgcrypt versions.
	* common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case.

2014-06-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid infinite loop in uncompressing garbled packets.
	* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

2014-06-03  Werner Koch  <wk@gnupg.org>

	doc: Update for modern makeinfo.
	* doc/texi.css: Remove.
	* doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.

	Release 2.0.23.

	doc: Adjust Makefile for fixed yat2m.
	* doc/Makefile.am (yat2m-stamp): Remove dirmngr-client hack.

	gpg: New %U expando for the photo viewer.
	* g10/photoid.c (show_photos): Set namehash.
	* g10/misc.c (pct_expando): Add "%U" expando.

	common: Add z-base-32 encoder.
	* common/zb32.c: New.
	* common/t-zb32.c: New.
	* common/Makefile.am (common_sources): Add zb82.c

	gpg: Reject signatures made with MD5.
	* g10/gpg.c: Add option --allow-weak-digest-algos.
	(main): Set option also in PGP2 mode.
	* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
	* g10/sig-check.c (do_check): Reject MD5 signatures.
	* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.

	gpg: Remove useless diagnostic in MDC verification.
	* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
	MDC packet header and a bad MDC.

	gpg: Fix glitch entering a full expiration time.
	* g10/keygen.c (ask_expire_interval): Get the current time after the
	prompt.

2014-06-02  Werner Koch  <wk@gnupg.org>

	gpg: Graceful skip reading of corrupt MPIs.
	* g10/parse-packet.c (mpi_read): Change error message on overflow.

	gpg: Simplify default key listing.
	* g10/mainproc.c (list_node): Rework.

	gpgsm: Handle re-issued CA certificates in a better way.
	* sm/certchain.c (find_up_search_by_keyid): Consider all matching
	certificates.
	(find_up): Add some debug messages.

	gpgsm: Add a way to save a found state.
	* kbx/keybox-defs.h (keybox_found_s): New.
	(keybox_handle): Factor FOUND out to above.  Add saved_found.
	* kbx/keybox-init.c (keybox_release): Release saved_found.
	(keybox_push_found_state, keybox_pop_found_state): New.

	* sm/keydb.c (keydb_handle): Add field saved_found.
	(keydb_new): Init it.
	(keydb_push_found_state, keydb_pop_found_state): New.

	gpg: Fix bug parsing a zero length user id.
	* g10/getkey.c (get_user_id): Do not call xmalloc with 0.

	* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
	pass 0 to the arguments.

2014-04-22  Werner Koch  <wk@gnupg.org>

	gpg: Print a warning if GKR has hijacked gpg-agent.
	* g10/call-agent.c (check_hijacking): New.
	(start_agent): Call it.
	(membuf_data_cb, default_inq_cb): Move more to the top.

2014-04-16  Werner Koch  <wk@gnupg.org>

	gpg: Fix use of deprecated RSA_E and RSA_E with newer libgcrypts.
	* g10/misc.c (pubkey_get_npkey): Map RSA_E and RSA_S to RSA.
	(pubkey_get_nskey): Ditto.
	(pubkey_get_nsig): Ditto.
	(pubkey_get_nenc): Ditto.
	(pubkey_nbits): Take care of RSA_E and RSA_S.

2014-03-12  Werner Koch  <wk@gnupg.org>

	scd: Skip S/N reading for the "undefined" application.
	* scd/app.c (select_application): Skip serial number reading.

2013-12-11  Werner Koch  <wk@gnupg.org>

	gpg: Change --show-session-key to print the session key earlier.
	* g10/cpr.c (write_status_strings): New.
	(write_status_text): Replace code by a call to write_status_strings.
	* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
	* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.

2013-11-27  Werner Koch  <wk@gnupg.org>

	Silence annoying ABI change warning.
	* configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6.  Avoid some gcc
	option tests for gcc >= 4.6

	scd: Fix two compiler warnings.
	* scd/apdu.c (pcsc_vendor_specific_init): Add suggested parens.
	* scd/ccid-driver.c (ccid_get_atr): Cast DEBUGOUT_1 arg to int.

	gpg: Change armor Version header to emit only the major version.
	* g10/options.h (opt): Rename field no_version to emit_version.
	* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
	to bump up opt.emit_version.
	* g10/armor.c (armor_filter): Implement different --emit-version
	values.

2013-11-15  Werner Koch  <wk@gnupg.org>

	common: Fix build problem with Sun Studio compiler.
	* common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy
	functions.
	(ESTREAM_MUTEX_INITIALIZE): Ditto.

2013-11-13  NIIBE Yutaka  <gniibe@fsij.org>

	scd: more pinpad input fix for PC/SC.
	* scd/apdu.c (check_pcsc_pinpad): Set default values here.
	(pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default
	values, as it's too late.

2013-11-11  NIIBE Yutaka  <gniibe@fsij.org>

	scd: more pinpad fix.
	* scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
	those are specified.
	(pcsc_pinpad_modify): Remove old check code.

2013-10-29  NIIBE Yutaka  <gniibe@fsij.org>

	scd: pinpad fix for PC/SC on Windows.
	* scd/apdu.c (SCARD_CTL_CODE): Fix for Windows.

2013-10-25  NIIBE Yutaka  <gniibe@fsij.org>

	scd: fix pinpad input on Windows.
	* scd/apdu.c (open_pcsc_reader_direct): Don't call
	pcsc_vendor_specific_init here, but...
	(connect_pcsc_card): Call it here.

2013-10-23  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.

2013-10-16  NIIBE Yutaka  <gniibe@fsij.org>

	scd: add pinpad readers information for PC/SC service.
	* scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry
	ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN
	Advance.

2013-10-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: remove pin length check.
	* scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin
	length.

2013-10-11  Werner Koch  <wk@gnupg.org>

	gpg: Do not require a trustdb with --always-trust.
	* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
	* g10/trustdb.c (trustdb_args): Add field no_trustdb.
	(init_trustdb): Set that field.
	(revalidation_mark):  Take care of a nonexistent trustdb file.
	(read_trust_options): Ditto.
	(get_ownertrust): Ditto.
	(get_min_ownertrust): Ditto.
	(update_ownertrust): Ditto.
	(update_min_ownertrust): Ditto.
	(clear_ownertrusts): Ditto.
	(cache_disabled_value): Ditto.
	(check_trustdb_stale): Ditto.
	(get_validity): Ditto.
	* g10/gpg.c (main): Do not create a trustdb with most commands for
	trust-model always.

	gpg: Fix --version output and explicitly disable ECC.
	* g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
	to gcry_pk_algo_name by a call to this function.
	(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
	(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
	GCRY_PK_ELG_E.  Return an error for ECC algos.
	(openpgp_pk_test_algo2):  Return an error for ECC algos.
	* g10/gpg.c (build_list): Avoid printing ECC two times.
	* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.

2013-10-04  Werner Koch  <wk@gnupg.org>

	Release 2.0.22.

	doc: Update from master.

	gpg: Print a "not found" message for an unknown key in --key-edit.
	* g10/keyedit.c (keyedit_menu): Print message.

	gpg: Kludge not to bail out on ECC if built with Libgcrypt 1.6.
	* g10/misc.c (print_pubkey_algo_note): Map the algo.
	(openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto.
	(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig)
	(pubkey_get_nenc): Return 0 for ECC algorithms.

	po: Update Czech translation.

	gpg: Protect against rogue keyservers sending secret keys.
	* g10/options.h (IMPORT_NO_SECKEY): New.
	* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
	flag.
	* g10/import.c (import_secret_one): Deny import if flag is set.

2013-10-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Allow setting of all zero key flags.
	* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
	(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)

2013-10-04  Werner Koch  <wk@gnupg.org>

	gpg: Distinguish between missing and cleared key flags.
	* include/cipher.h (PUBKEY_USAGE_NONE): New.
	* g10/getkey.c (parse_key_usage): Set new flag.

	keyserver: Allow use of cURL's default CA store.
	* keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file
	has been given.
	* keyserver/gpgkeys_hkp.c (main): Ditto.

	gpg: Limit the nesting level of I/O filters.
	* common/iobuf.c (MAX_NESTING_FILTER): New.
	(iobuf_push_filter2): Limit the nesting level.

	* g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
