2019-05-28  Werner Koch  <wk@gnupg.org>

	Release GnuPG 2.2.16.
	+ commit 3f2b7a53ddc43b3a349451d28691aaaa116786dc


	dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
	+ commit 5281ecbe3ae8364407d9831243b81d664b040805
	* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
	r_produced_at, and r_md.  Get the hash algo from the signature and
	create the context here.
	(check_signature): Allow any hash algo.  Print a diagnostic if the
	signature does not verify.

2019-05-27  Werner Koch  <wk@gnupg.org>

	sm: Avoid confusing diagnostic for the default key.
	+ commit 32210e855c460ed60505bf9be9adea33d05c40eb
	* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
	callers.
	(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
	Change all callers.
	* sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
	gpgsm_cert_use_sign_p

	gpg: Fixed i18n markup of some strings.
	+ commit ab5d7142a79e92819f5551cfc424a8ceaf0885fa
	* g10/tofu.c: Removed some translation markups which either make no
	sense or are not possble.

	gpg: Allow deletion of subkeys with --delete-[secret-]key.
	+ commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
	* common/userids.c (classify_user_id): Do not set the EXACT flag in
	the default case.
	* g10/export.c (exact_subkey_match_p): Make static,
	* g10/delkey.c (do_delete_key): Implement subkey only deleting.

2019-05-27  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Stop scdaemon after reload when disable_scdaemon.
	+ commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd
	* agent/call-scd.c (agent_card_killscd): New.
	* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.

2019-05-21  Werner Koch  <wk@gnupg.org>

	gpg: Do not bail on an invalid packet in the local keyring.
	+ commit 30f44957ccd1433846709911798af3da4e437900
	* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.

	gpg: Do not allow creation of user ids larger than our parser allows.
	+ commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651
	* g10/parse-packet.c: Move max packet lengths constants to ...
	* g10/packet.h: ... here.
	* g10/build-packet.c (do_user_id): Return an error if too data is too
	large.
	* g10/keygen.c (write_uid): Return an error for too large data.

2019-05-21  NIIBE Yutaka  <gniibe@fsij.org>

	agent: For SSH key, don't put NUL-byte at the end.
	+ commit 6e39541f4f488fe59eac399bad18c465f373a784
	* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
	the length by the second call of gcry_sexp_sprint.

2019-05-20  Werner Koch  <wk@gnupg.org>
	    Matheus Afonso Martins Moreira

	gpg: Do not delete any keys if --dry-run is passed.
	+ commit 5c46c5f74540ad753b925b74593332ca92de47fa
	* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
	Do not clear the ownertrust.  Do not let the agent delete the key.

2019-05-17  Werner Koch  <wk@gnupg.org>

	gpg: Fix using --decrypt along with --use-embedded-filename.
	+ commit 1702179d91b7136661af084d7dab2e50a2857491
	* g10/options.h (opt): Add flags.dummy_outfile.
	* g10/decrypt.c (decrypt_message): Set this global flag instead of the
	fucntion local flag.
	* g10/plaintext.c (get_output_file): Ignore opt.output if that was
	used as a dummy option aslong with --use-embedded-filename.

	gpg: Improve the photo image viewer selection.
	+ commit cd5f040a5389944dd8a05bc9c938f888581dfc8a
	* g10/exec.c (w32_system): Add "!ShellExecute" special.
	* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
	under Windows and fallbac to 'display' and 'xdg-open' in the Unix
	case.
	(show_photos): Flush stdout so that the output is shown before the
	image pops up.

2019-05-16  Werner Koch  <wk@gnupg.org>

	kbx: Fix an endless loop under Windows due to an incomplete fix.
	+ commit 0fff927889b075442ed7130f376118c31fda1f32
	* kbx/keybox-search.c (keybox_search):  We need to seek to the last
	position in all cases not just when doing a NEXT.

	kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
	+ commit 6f72aa821407e47ad3963e72e139f2ca2c69d9dd
	* kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
	instead of fclose so that a close is done if the file is opened by
	another handle.
	* kbx/keybox-search.c (keybox_search): Remember the last offset and
	use that in NEXT search mode if we had to re-open the file.

	gpgconf: Before --launch check that the config file is fine.
	+ commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5
	* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
	* tools/gpgconf.c (gpgconf_failure): Call log_flush.

2019-05-15  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: enable OpenPGP export of cleartext keys with comments.
	+ commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec
	* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
	sublists in private-key S-expression.

2019-05-15  Werner Koch  <wk@gnupg.org>

	gpgconf: Support --homedir for --launch.
	+ commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6
	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
	gnupg_homedir already returns abd absolute name.
	(scdaemon_runtime_change): Ditto.
	(dirmngr_runtime_change): Ditto.
	(gc_component_launch): Support --homedir.

2019-05-14  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	agent: correct length for uri and comment on 64-bit big-endian platforms
	+ commit 110932925ba8e0169da18d7774440f8d1fd8a344
	* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
	gcry_sexp_build_array's %b.

2019-05-14  Werner Koch  <wk@gnupg.org>

	gpg: Do not print a hint to use the deprecated --keyserver option.
	+ commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846
	* g10/keyserver.c (keyserver_search): Remove a specialized error
	message.

2019-05-14  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix possible null dereference.
	+ commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3
	* g10/armor.c (armor_filter): Access ->d in the internal loop.

	build: Update m4/iconv.m4.
	+ commit cf73c82e95f999bd35636b0cf4e80ed5c33fa7a8
	* m4/iconv.m4: Update from gettext 0.20.1.

2019-05-13  Werner Koch  <wk@gnupg.org>

	gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
	+ commit c1dc7a832921fdf5686d377f33db78707c0345e2
	* g10/sign.c (update_keysig_packet): Convert digest algo when needed.

2019-05-12  Werner Koch  <wk@gnupg.org>

	sm: Fix a warning in an es_fopencooie function.
	+ commit 8d0d61aca3d2713df8a33444af3658b859d72be8
	* sm/certdump.c (format_name_writer): Take care of a flush request.

2019-05-10  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	doc: correct documentation for gpgconf --kill.
	+ commit be116f871dbf14dd44d3a7909c2a052f8979c480
	* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.

	(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)

2019-05-09  Werner Koch  <wk@gnupg.org>

	build: Sign all Windows binaries.
	+ commit e6901c2bc802996c24335bcb35012ccb74b4ced0
	* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
	(AUTHENTICODE_TOOL): New.
	(AUTHENTICODE_FILES): New.
	(installer): Sign listed files.
	(AUTHENTICODE_SIGNHOST): New macro.
	(sign-installer): Use that macro instead of direct use of osslsigncode.

2019-05-03  Werner Koch  <wk@gnupg.org>

	gpg: Use just the addrspec from the Signer's UID.
	+ commit 05204b72497db093f5d2da4a2446c0264a946296
	* g10/parse-packet.c (parse_signature): Take only the addrspec from a
	Signer's UID subpacket.

2019-04-23  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese Translation.
	+ commit caa61fb7da6b858f038dde948d36fce5c0a85ee5


2019-04-18  Andre Heinecke  <aheinecke@intevation.de>

	g10: Fix double free when locating by mbox.
	+ commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1
	* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
	to NULL after use.

2019-04-16  NIIBE Yutaka  <gniibe@fsij.org>

	common: Fix AWK portability.
	+ commit ee766b2b5d646643d66d23eae478f71c0a01a343
	* common/Makefile.am: Use pkg_namespace.
	* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.

2019-04-11  Werner Koch  <wk@gnupg.org>

	gpg: Accept also armored data from the WKD.
	+ commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455
	* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.

	gpg: Set a limit of 5 to the number of keys imported from the WKD.
	+ commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2
	* g10/import.c (import): Limit the number of considered keys to 5.
	(import_one): Return the first fingerprint in case of WKD.

2019-04-02  Werner Koch  <wk@gnupg.org>

	scd: Add dummy option --application-priority.
	+ commit cb2065967465939f82cc585254cae0244ed94eac


	dirmngr: Improve domaininfo cache update algorithm.
	+ commit 48e7977709b6a56e8fd8e9f5abb9dba5ea617c33
	* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
	(insert_or_update): Implement new update algorithm.

	dirmngr: Better error code for http status 413.
	+ commit 0a30ce036a615bc95382e0640d185b031f8c6a63
	* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
	* dirmngr/ocsp.c (do_ocsp_request): Ditto.

2019-04-01  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	NEWS: correct typo in header.
	+ commit 5b1b5be65f343d252c865d705d23b55982718f2d


2019-03-27  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix symmetric cipher algo constant for ECDH.
	+ commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e
	* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
	ECC strength 384, according to RFC-6637.

2019-03-27  Trevor Bentley  <trevor@yubico.com>

	gpg: Don't use EdDSA algo ID for ECDSA curves.
	+ commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf
	* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
	an EdDSA curve.

2019-03-26  Werner Koch  <wk@gnupg.org>

	Release 2.2.15.
	+ commit dc93e57226db32d5b90884dcf768d271baa6628a


	sm: Allow decryption even if expired other keys are configured.
	+ commit 30972d21824264aef2088d30b4f2e5ce3aca889e
	* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
	mode.

	agent: Allow other ssh fingerprint algos in KEYINFO.
	+ commit 1c2fa8b6d747aa171bfef35a50754893aa80a562
	* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO.  Default to
	the standard algo.

2019-03-25  Werner Koch  <wk@gnupg.org>

	wkd: New command --print-wkd-url for gpg-wks-client.
	+ commit 2f3eebf1865a85f8c09a1c052513260ed55acec6
	* tools/gpg-wks-client.c (aPrintWKDURL): New.
	(opts): Add option.
	(main): Implement.
	* tools/wks-util.c (wks_cmd_print_wkd_url): New.

2019-03-25  NIIBE Yutaka  <gniibe@fsij.org>

	libdns: Don't use _[A-Z] which are reserved names.
	+ commit a975fd127a5d58bbbb3c585e610a54daeb423af6
	* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
	reserved "_[A-Z]".

2019-03-25  Werner Koch  <wk@gnupg.org>

	wkd: New command --print-wkd-hash for gpg-wks-client.
	+ commit 64621f1f40c31c7f453da98efb860ff8cf11edbc
	* tools/gpg-wks-client.c (aPrintWKDHash): New.
	(opts) : Add "--print-wkd-hash".
	(main): Implement that command.
	(proc_userid_from_stdin): New.
	* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
	(wks_cmd_print_wkd_hash): New.

2019-03-25  Andre Heinecke  <aheinecke@gnupg.org>

	sm, w32: Translate logger and status fd to handles.
	+ commit b9d2759da19cb70c1f6243498480bea1d7ecaa46
	* sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
	convert the FDs.

2019-03-22  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	doc: fix formatting error.
	+ commit 93782de23fe45e7f7f86140fda6de39395c3a9d8


2019-03-19  Werner Koch  <wk@gnupg.org>

	Release 2.2.14.
	+ commit 813de13e73b01409fabff9859f24c4f23b808796


2019-03-18  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit dc00947b21dcd4417a35da711c884cef5cc9fc7d


2019-03-18  Werner Koch  <wk@gnupg.org>

	gpg: Do not bail out on v5 keys in the local keyring.
	+ commit de70a2f377c1647417fb8a2b6476c3744a901296
	* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
	instead of invalid packet.
	* g10/keydb.c (parse_keyblock_image): Do not map the unknown version
	error to invalid keyring.
	(keydb_search): Skip unknown version errors simlar to legacy keys.
	* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
	versions.
	* g10/import.c (read_block): Handle unknown version.

	gpg: Allow import of PGP desktop exported secret keys.
	+ commit 0e73214dd208fca4df26ac796416c6f25b3ae50d
	* g10/import.c (NODE_TRANSFER_SECKEY): New.
	(import): Add attic kludge.
	(transfer_secret_keys): Add arg only_marked.
	(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
	r_removedsecs.
	(import_secret_one): New arg r_secattic.  Change to take ownership of
	arg keyblock.  Implement extra secret key import logic.  Factor some
	code out to ...
	(do_transfer): New.
	(import_matching_seckeys): New.

	gpg: Avoid importing secret keys if the keyblock is not valid.
	+ commit 43b23aa82be7e02414398af506986b812e2b9349
	* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
	new field TAG.
	* g10/kbnode.c (alloc_node): Change accordingly.
	* g10/import.c (import_one): Add arg r_valid.
	(sec_to_pub_keyblock): Set tags.
	(resync_sec_with_pub_keyblock): New.
	(import_secret_one): Change return code to gpg_error_t.   Return an
	error code if sec_to_pub_keyblock failed.  Resync secret keyblock.

	gpg: During secret key import print "sec" instead of "pub".
	+ commit db2d75f1ffede2ea77163b487a15e60249daffa0
	* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'.  Remove
	useless code for "sub" and "ssb".
	* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info.  Do
	not print the first  keyinfo in FROM_SK mode.
	printing.

	gpg: Simplify an interactive import status line.
	+ commit 184fbf014ae537554d6939a47f07977ef0b0fe9f
	* g10/cpr.c (write_status_printf): Escape CR and LF.
	* g10/import.c (print_import_check): Simplify by using
	write_status_printf and hexfingerprint.


	Fixed one conlict in a comment.

2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>

	libdns: Avoid using compound literals (8).
	+ commit ee08a15e31284d32fb59774fc15e39107a727072
	* dirmngr/dns.h (dns_quietinit): Remove.
	(dns_hints_i_new): Remove.

	libdns: Avoid using compound literals (7).
	+ commit 4ab0fef5dc856d1f2747efab584182aa880f631c
	* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
	* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
	automatic variable for opts.
	* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
	Likewise.

	libdns: Avoid using compound literals (6).
	+ commit f3af1707690b070b4cbf6d761a9e5dbddbf681e9
	* dirmngr/dns.h (dns_rr_i_new): Remove.
	(dns_rr_i_init): Remove unused second argument.
	* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
	(parse_packet): Use automatic variable for struct dns_rr_i.
	(dns_d_cname): No need to call dns_rr_i_init after memset 0.
	(dns_rr_i_init): Remove unused second argument.  Return nothing.
	* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
	(getsrv_libdns): Follow the change of dns_rr_i_init.

	(cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a)

	libdns: Avoid using compound literals (5).
	+ commit 500151e6daf5fc4d6ea382b83aab3cca72b27881
	* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
	Call dns_rr_grep with NULL.
	* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.

	libdns: Avoid using compound literals (4).
	+ commit 229302aecf8deea0349e79ca0cc05f32665391b7
	* dirmngr/dns.h (dns_d_new*): Remove.
	* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
	variable.
	(parse_domain): Likewise.

	(cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8)

	libdns: Avoid using compound literals (3).
	+ commit f0de4fc990767ae5d120a523be51616b0f35f4f6
	* dirmngr/dns.h (dns_p_new): Remove.
	* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
	variable.
	(dns_hints_query, dns_res_glue, parse_packet, query_hosts)
	(send_query, show_hints, echo_port): Likewise.

	libdns: Avoid using compound literals (2).
	+ commit ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648
	* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
	(dns_strclass1, dns_strclass3): Remove.
	(dns_strtype1, dns_strtype3): Remove.
	(dns_strsection, dns_strclass, dns_strtype): Directly use the
	function.
	* dirmngr/dns.c (dns_strsection): Use automatic variable.
	(dns_strclass, dns_strtype): Likewise.

	(cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3)

	libdns: Avoid using compound literals.
	+ commit 1318d1e2d50989c66f496ede906a846859f0cf9f
	* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
	variables.
	(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.

2019-03-07  Werner Koch  <wk@gnupg.org>

	dirmngr: Add CSRF protection exception for protonmail.
	+ commit 557c721e787e7e6d311ccb48d8aa677123061cf5
	* dirmngr/http.c (same_host_p): Add exception table.

	gpgtar: Make option -C work for archive creation.
	+ commit 5d73c231e4f2d5994eb3be48b36517e39d66be96
	* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.

	gpgtar: Improve error messages.
	+ commit 2e4151a3412c3fc553fbb7ad070dfffc68a04b35
	* tools/gpgtar.h (struct tarinfo_s): New.
	* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
	global vars more to the top.
	(set_cmd): Rename 'cmd' to 'c'.
	* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
	messages.
	(read_header): Add arg 'info' and update counter.
	(skip_data): Ditto.
	(gpgtar_list): Pass info object to read functions.
	(gpgtar_read_header): Add arg 'info'.
	* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
	(extract_regular): Add arg 'info' and update counter.

	gpg: Make invalid primary key algos obvious in key listings.
	+ commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d
	* g10/keylist.c (print_key_line): Print a warning for invalid algos.

	sm: Print Yubikey attestation extensions with --dump-cert.
	+ commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a
	* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
	(OID_FLAG_HEX): New.
	(print_hex_extn): New.
	(list_cert_raw): Make use of that flag.

	(cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e)

2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Add "disable-scdaemon" in gpg-agent.conf.
	+ commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203
	* tests/openpgp/defs.scm: Add "disable-scdaemon".  Remove
	  "scdaemon-program".
	* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
	* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"

2019-03-07  Werner Koch  <wk@gnupg.org>

	scd: Fix flushing of CA-FPR data objects.
	+ commit e7eafe10197557ce874db2f049d683f90f26e0bc
	* scd/app-openpgp.c (do_setattr): Add new table item to flush a
	different tag.

2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
	+ commit 77a285a0a94994ee9b42289897f9bf3075c7192d
	* agent/command.c (cmd_clear_passphrase): Add support for SSH.

2019-03-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpgv: Improve documentation for keyring choices.
	+ commit a7b2a87f940dba078867c44f1f50d46211d51719
	* doc/gpgv.texi: Improve documentation for keyring choices

2019-02-28  Werner Koch  <wk@gnupg.org>

	sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
	+ commit be69bf0cbd11cb8c0d452e07066669aacc6caafa
	* sm/keylist.c (print_compliance_flags): Also check the digest_algo.
	Add new arg 'cert'.

2019-02-28  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpgsm: default to 3072-bit keys.
	+ commit 121286d9d1506dbaad9ba33bae2e459814fe5849
	* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
	default to 3072 bits.
	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
	3072 bits.
	* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
	* sm/gpgsm.c (main): print correct default_pubkey_algo.

2019-02-26  Werner Koch  <wk@gnupg.org>

	conf: New option --show-socket.
	+ commit 92e26ade5c0d52f2e50eaf338a0bb8006e75711c
	* tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
	* tools/gpgconf.h: here.
	* tools/gpgconf.c (oShowSocket): New.
	(opts): Add new option.
	(main): Implement new option.

2019-02-25  Werner Koch  <wk@gnupg.org>

	scd: Don't let the "undefined" app cause a conflict error.
	+ commit 0eb8095626be71160dfa66284a7b0a6a57cb03e3
	* scd/app.c (check_conflict): Ignore "undefined".

	(cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)

	sm: Fix certificate creation with key on card.
	+ commit 54c56230e305a38d6fd0c3bf1262172fd5fbcb87
	* sm/certreqgen.c (create_request): Fix for certmode.

	agent: Fix for suggested Libgcrypt use.
	+ commit 0a95b153811f36739d1b20f23920bad0bb07c68b
	* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.

2019-02-25  NIIBE Yutaka  <gniibe@fsij.org>

	gpgscm: Build well even if NDEBUG defined.
	+ commit 8161afb9dddaba839be92fbe9d85c05235eda825
	* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
	[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.

2019-02-19  Neal H. Walfield  <neal@g10code.com>

	gpg: Fix comparison.
	+ commit 14e5435afb50dc9a9243ff3e0aed5030beba2914
	* g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
	not one or fewer.

2019-02-19  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix cancellation handling for scdaemon.
	+ commit 005e951714ff62087b8c8802e05d14b7998826f3
	* agent/call-scd.c (cancel_inquire): Remove.
	(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
	(agent_card_scd): Don't call cancel_inquire.

	scd: Distinguish cancel by user and protocol error.
	+ commit 90e5f49b6a2e002d3c67a041a076f07aeb7a7f54
	* scd/apdu.h (SW_HOST_CANCELLED): New.
	* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
	(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
	* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
	SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.

	common: Fix gnupg_wait_processes.
	+ commit 6e422b5135c71f8fa859a3f4de51bf89e3ff5ac6
	* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
	even if we already see an error.

2019-02-14  Ingvar Hagelund  <ingvar@redpill-linpro.com>

	po: Correct a simple typo in the Norwegian translation.
	+ commit a09bba976d2f5694011a9291189a70a0f3c4caae


2019-02-12  Werner Koch  <wk@gnupg.org>

	Release 2.2.13.
	+ commit 7922e2dd1c7eee48a8a2cf4799827942489ddd0f


2019-02-11  Werner Koch  <wk@gnupg.org>

	sm: In --gen-key with "key from card" show also the algorithm.
	+ commit d1bee9d1efa28fa9d35b7eed1e616c6362fd044e
	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.

	common: Provide function to get public key algo names in our format.
	+ commit d29d73264f607642281fb701a17015306c8fc4d7
	* common/sexputil.c (pubkey_algo_string): New.

	common: New functions get_option_value and ascii_strupr.
	+ commit ee8d1a9e6c09b3ecc4b46f47b79358f78d458916
	* common/server-help.c (get_option_value): New.
	* common/stringhelp.c (ascii_strupr): New.

	scd: Make app_genkey and supporting ISO function more flexible.
	+ commit 14816c798099925e47908e7ce415412d72fbe28e
	* scd/app.c (app_genkey): Add arg keytype.
	* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
	* scd/command.c (cmd_genkey): Adjust for change.
	* scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
	args p1 and p2.
	(iso7816_read_public_key): Adjust for this.
	(iso7816_generate_keypair): Add new args p1 and p2.
	* scd/app-openpgp.c (do_genkey): Adjust for changes.

	scd: Fix parameter name of app_change_key.
	+ commit c075274aac0ffd388df638548b75a7d90e7e929d
	* scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
	* scd/app.c (app_change_pin): Rename arg reset_mode to flags and
	change from int to unsigned int.

	scd: Allow standard keyref scheme for app-openpgp.
	+ commit 6651a0640d0f1b4dd161210dc55974d9b93b7253
	* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
	"OPENPGP."

	gpg: Emit an ERROR status if no key was found with --list-keys.
	+ commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b
	* g10/keylist.c (list_one): Emit status line.

2019-02-06  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit c16685b2f5021105ef0560cb3db68ef43bcdb9c1


	agent: Clear bogus pinentry cache, when it causes an error.
	+ commit 9109bb9919f84d5472b7e62e84b961414a79d3c2
	* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
	(struct pin_entry_info_s): Add status.
	* agent/call-pinentry.c (agent_askpin): Clearing the ->status
	before the loop, let the assuan_transact set ->status.  When
	failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
	soon.
	* agent/findkey.c (unprotect): Clear the pinentry cache,
	when it causes an error.

	dirmngr: Fix initialization of assuan's nPth hook.
	+ commit 7f4c3eb0a039621c564b6095ab5f810524843157
	* dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
	(thread_init): ... here.

2019-01-30  Werner Koch  <wk@gnupg.org>

	gpg: Allow generating Ed25519 key from an existing key.
	+ commit 31d2a1eecaee766919b18bc42b918d9168f601f8
	* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.

2019-01-29  Werner Koch  <wk@gnupg.org>

	gpg: Implement searching keys via keygrip.
	+ commit 5e5f3ca0c2e08185a236b4d04b318f81004e3223
	* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip.
	* kbx/keybox-openpgp.c (struct keyparm_s): New.
	(keygrip_from_keyparm): New.
	(parse_key): Compute keygrip.
	* kbx/keybox-search.c (blob_openpgp_has_grip): New.
	(has_keygrip): Call it.

	common: Provide some convenient OpenPGP related constants.
	+ commit b78f293cf06f447d1d0a5c416ac129a4e1cf9f8c
	* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
	(OPENPGP_MAX_NSKEY): New.
	(OPENPGP_MAX_NSIG): New.
	(OPENPGP_MAX_NENC): New.
	* g10/packet.h: Define PUBKEY_MAX using the new consts.

	(cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)

	common: New helper functions for OpenPGP curve OIDs.
	+ commit dddbb26155f292fde2909ecc84b62b693b6dea49
	* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
	to ...
	(openpgp_oidbuf_to_str): new.
	(openpgp_oidbuf_is_ed25519): New.
	(openpgp_oidbuf_is_cv25519): New.

2019-01-22  Werner Koch  <wk@gnupg.org>

	scd: Add option --clear to PASSWD.
	+ commit d4082ff430afe670510d2c1c7ea66ee9ddcbe505
	* scd/command.c (cmd_passwd): Add option --clear.
	(send_status_printf): New.
	* scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
	* scd/app-nks.c (do_change_pin): Return an error if that option is
	used.
	* scd/app-openpgp.c (do_change_pin): Ditto.

	scd: One new and one improved 7816 function.
	+ commit 9309175de8c76de44021c25c7885355ff1a9b67b
	* scd/apdu.c (apdu_send_direct): New arg R_SW.
	* scd/command.c (cmd_apdu): Ditto.
	* scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
	(iso7816_general_authenticate): New.
	* scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
	arg.

	ssh: Simplify the curve name lookup.
	+ commit 11a65159f997ccd69ecb9d867c1f3d0c4d8837d6
	* agent/command-ssh.c (struct ssh_key_type_spec): Add field
	alt_curve_name.
	(ssh_key_types): Add some alternate curve names.
	(ssh_identifier_from_curve_name): Lookup also bey alternative names
	and return the canonical name.
	(ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve
	instead of the explicit mapping.
	(ssh_receive_key): Likewise.  Use ssh_identifier_from_curve_name to
	validate the curve name.  Remove the reverse mapping because since
	GnuPG-2.2 Libgcrypt 1.7 is required.
	(ssh_handler_request_identities): Log an error message.

	gpg: Stop early when trying to create a primary Elgamal key.
	+ commit f5d3b982e44c5cfc60e9936020102a598b635187
	* g10/misc.c (openpgp_pk_test_algo2): Add extra check.

2019-01-17  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix for USB INTERRUPT transfer.
	+ commit 9dc76d599cd4c86d3c187d078daad1144a92564c
	* scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
	just handle this event as failure.

2018-12-19  NIIBE Yutaka  <gniibe@fsij.org>

	agent: Fix message for ACK button.
	+ commit 80a08b655f8f5e7a7d78b766f1770fd474081a48
	* agent/divert-scd.c (getpin_cb): Display correct message.

2018-12-18  Werner Koch  <wk@gnupg.org>

	Silence compiler warnings new with gcc 8.
	+ commit 21fc089148678f59edb02e0e16bed65b709fb972
	* dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
	* tests/gpgscm/scheme.c: Include gpgrt.h.
	(Eval_Cycle): Ignore -Wimplicit-fallthrough.

	wks: Do not use compression for the encrypted data.
	+ commit 16424d8a34c7f6af1071fd19dfc180cb7d17c052
	* tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
	* tools/gpg-wks-server.c (encrypt_stream): Ditto.

2018-12-18  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit ae9159e0685098ee97d6f526666524423f4a0fff


	scd: Support "acknowledge button" feature.
	+ commit ffe31f405f9b5e4929e95c3d66c613052cb7727e
	* scd/apdu.c (set_prompt_cb): New member function.
	(set_prompt_cb_ccid_reader): New function.
	(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
	(apdu_set_prompt_cb): New.
	* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
	* ccid-driver.c (ccid_set_prompt_cb): New.
	(bulk_in): Call ->prompt_cb when timer extension.
	* scd/command.c (popup_prompt): New.

	agent: Support --ack option for POPUPPINPADPROMPT.
	+ commit e6be36ee8854dc343a5e0f914991da3da360b513
	* agent/divert-scd.c (getpin_cb): Support --ack option.

2018-12-14  Werner Koch  <wk@gnupg.org>

	Release 2.2.12.
	+ commit 7d8f4ee7cf56eda988acdc909160cbac71bff18a


2018-12-11  Werner Koch  <wk@gnupg.org>

	agent: Make the S2K calibration time runtime configurable.
	+ commit de29a50e7c8a779ac0832a149bcf3eb2c4191dc9
	* agent/protect.c (s2k_calibration_time): New file global var.
	(calibrate_s2k_count): Use it here.
	(get_calibrated_s2k_count): Replace function static var by ...
	(s2k_calibrated_count): new file global var.
	(set_s2k_calibration_time): New function.
	* agent/gpg-agent.c (oS2KCalibration): New const.
	(opts): New option --s2k-calibration.
	(parse_rereadable_options): Parse that option.

2018-12-11  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	agent: compile-time configuration of s2k calibration.
	+ commit 0cf0f3aaf835d29848f1485df357606254ba6fad
	* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
	AGENT_S2K_CALIBRATION (measured in milliseconds)
	* agent/protect.c (calibrate_s2k_count): Calibrate based on
	AGENT_S2K_CALIBRATION.

	(cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549)

2018-12-11  Werner Koch  <wk@gnupg.org>

	dirmngr: Retry another server from the pool on 502, 503, 504.
	+ commit e5abdb6da7fa7cd4d146c7285b160277511bc230
	* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
	http_status and handle it.
	(ks_hkp_search): Get http_status froms end_request and pass on to
	handle_send_request_error.
	(ks_hkp_get): Ditto.
	(ks_hkp_put): Ditto.

	dirmngr: New function http_status2string.
	+ commit b9d71ea64a694582739c18cfef9621b36d5371e9
	* dirmngr/http.c (http_status2string): New.

	gpg: In search-keys return "Not found" instead of "No Data".
	+ commit f7ff25edadd474f83fccba6fd3c410eb8358bb22
	* g10/keyserver.c (keyserver_search): Check for NO_DATA.

2018-12-11  Tomi Leppänen  <tomi.leppanen@jolla.com>

	tools: Use POSIX compatible arguments for find.
	+ commit dfcc5e6d3ec91f547feb78e442946e729b49878c
	* tools/addgnupghome (filelist): Remove bashism.

2018-12-06  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Make "learn" report about KDF data object.
	+ commit d4bc8051525a33b28b1e33daf35d79c1d6cd9c41
	* scd/app-openpgp.c (do_learn_status): Report KDF attr.
	* g10/card-util.c (current_card_status): Output KDF for with_colons.

	card: Display if KDF is enabled or not.
	+ commit 751ff784e5316470f266750d299ae857ad7840d8
	* g10/call-agent.h (kdf_do_enabled): New field.
	* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
	* g10/card-util.c (current_card_status): Inform the availability.

	g10: Fix memory leak for --card-status.
	+ commit 293001e2c6f0e228ff7f1b6a3e2606ae1370a5d5
	* g10/card-util.c (card_status): Release memory of serial number.

2018-12-05  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix print_pubkey_info new line output.
	+ commit c5aba093b86e7d69b34ddcf55130f8f21e889b5c
	* g10/keylist.c (print_pubkey_info): Reverse the condition.

2018-12-05  Werner Koch  <wk@gnupg.org>

	gpg: New list-option "show-only-fpr-mbox".
	+ commit 9b538451682c704b4036c0ecdb7e6b0ef8570016
	* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
	* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
	* g10/keylist.c (list_keyblock_simple): New.
	(list_keyblock): Call it.
	(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
	mode.

	wks: Fix filter expression syntax flaw.
	+ commit 80bf1f8901dcbbb2cb6cacc11cca98705ce8f59d
	* tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
	expression needs a space before the value.
	(install_key_from_spec_file): Replace es_getline by es_read_line and
	remove debug output.

	wks: Allow reading of --install-key arguments from stdin.
	+ commit b6fd60dfa1709f162c25eb72cf8c45d0ab9bf34f
	* tools/wks-util.c (install_key_from_spec_file): New.
	(wks_cmd_install_key): Call it.
	* tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
	* tools/gpg-wks-server.c (main): Ditto.

	(cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)

	wks: Create sub-directories.
	+ commit bf29d7c822264a40f1469c7b5024d93b955a3a1e
	* tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
	if needed.

	(cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0)

	wks: Add new commands --install-key and --remove-key to the client.
	+ commit 5b4aa8c6d4abfa3135ec3ab23decf9bdd624df3e
	* tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
	(opts): Add "--install-key", "--remove-key" and "-C".
	(parse_arguments): Parse them.
	(main): Check that the given directory exists.  Implement the new
	commands.

	wks: Move a few server functions to wks-util.
	+ commit 51b722c6f57b80a3b9caa417b7a74e7fab80043f
	* tools/gpg-wks-server.c (write_to_file): Move to ...
	* tools/wks-util.c: here.
	* tools/gpg-wks-server.c (compute_hu_fname): Move to ...
	* tools/wks-util.c (wks_compute_hu_fname): here.
	* tools/gpg-wks-server.c (fname_from_userid): Move to ...
	* tools/wks-util.c (wks_fname_from_userid): here.
	* tools/gpg-wks-server.c (command_install_key): Move to ...
	* tools/wks-util.c (wks_cmd_install_key): here and change caller.
	* tools/gpg-wks-server.c (command_remove_key): Move to ...
	* tools/wks-util.c (wks_cmd_remove_key): here and change callers.

	(cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)

2018-12-05  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	g10/mainproc: disable hash contexts when --skip-verify is used.
	+ commit 6008410e512cb74a4a2ad3f6e3fce4669e4f7e2c
	* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
	opt.skip_verify is set.

	common/iobuf: fix memory wiping in iobuf_copy.
	+ commit ebd434a45eefd34bd9d9f875f22a74a47b88dd5f
	* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
	first sizeof(char*) bytes.

	common: Use platform memory zeroing function for wipememory.
	+ commit 21fdef6963539680a16b68b7536378bdaa8dea85
	* common/mischelp.h (wipememory): Replace macro with function
	prototype.
	(wipememory2): Remove.
	* common/mischelp.c (wipememory): New.
	* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
	remove duplicated checks.

2018-12-05  Werner Koch  <wk@gnupg.org>

	gpg: Improve error message about failed keygrip computation.
	+ commit edeebe0a6b9a49d2291d6351d52c5bc688d24cff
	* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.

	(cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc)

2018-11-23  Werner Koch  <wk@gnupg.org>

	dirmngr: Avoid possible CSRF attacks via http redirects.
	+ commit 4a4bb874f63741026bd26264c43bb32b1099f060
	* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
	(http_redir_info_t): New.
	* dirmngr/http.c (do_parse_uri): Set new fields.
	(same_host_p): New.
	(http_prepare_redirect): New.
	* dirmngr/t-http-basic.c: New test.
	* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
	instead of the open code.
	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

2018-11-12  Andre Heinecke  <aheinecke@intevation.de>

	dirmngr: Add FLUSHCRLs command.
	+ commit 00321a025f90990a71b60b4689ede1f38fbde347
	Summary:
	* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
	* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
	(register_commands): Add FLUSHCRLS.

2018-11-06  Werner Koch  <wk@gnupg.org>

	Release 2.1.11.
	+ commit cb46b787571ef149856be03b8c3481bb79871698


2018-11-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix print_keygrip for smartcard.
	+ commit 627839ea88da11a9e8d033e3c91bdf5a048b15c3
	* g10/card-util.c (print_keygrip): Use tty_fprintf.

2018-11-05  Werner Koch  <wk@gnupg.org>

	wks: New option --with-colons for gpg-wks-client.
	+ commit 66e0bd37ee3dd5ab534b2664493576ef6ad15a08
	* tools/gpg-wks.h (opt): Add field with_colons.
	* tools/gpg-wks-client.c (oWithColons): New const.
	(opts, parse_arguments): Add option --with-colons.
	(main): Change aSupported to take several domains in --with-colons
	mode.
	(command_send): Factor policy getting code out to ...
	(get_policy_and_sa): New function.
