2017-07-19  Werner Koch  <wk@gnupg.org>

	Release 1.4.22.
	+ commit 6153268aaf04ec960a4e1dcc50434e815a47e0e8


2017-07-19  Åka Sikrom  <a4 -at- hush -dot- com>

	po: Update Norwegian translation.
	+ commit 5f7667eca899952480e066404f1b46eca7fe401f


2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix memory leak.
	+ commit 6b4abf1d491d30a6bdaeb2c425c780cacd65bab4
	* g10/textfilter.c (copy_clearsig_text): Free the buffer.

	rsa: Reduce secmem pressure.
	+ commit 1b1f44846b5f21a80ed101f2284ce5f6e8849ee7
	* cipher/rsa.c (secret): Don't keep secmem.

	rsa: Allow different build directory.
	+ commit 994d5b707559a800a650dc7f273372f509d74780
	* cipher/Makefile.am (AM_CPPFLAGS): Add mpi dirs.
	* cipher/rsa.c: Change include file.

2017-07-07  Marcus Brinkmann  <mb@g10code.com>

	rsa: Add exponent blinding.
	+ commit 8fd9f72e1b2e578e45c98c978cab4f6d47683d2c
	* cipher/rsa.c (secret_core_crt): Blind secret D with randomized
	nonce R for mpi_powm computation.

2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Minor fix for mpi_pow.
	+ commit 554ded4854758bf6ca268432fa087f946932a409
	* mpi/mpi-pow.c (mpi_powm): Fix allocation size.

	mpi: Same computation for square and multiply for mpi_pow.
	+ commit 12029f83fd0ab3e8ad524f6c9135854662fddfd1
	* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.  Move
	the assignment to base_u into the loop.  Copy content refered by RP to
	BASE_U except the last of the loop.

	mpi: Simplify mpi_powm.
	+ commit b38f4489f75e6e435886aa885807738a22c7ff60
	* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.

2017-07-04  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	mpi: Fix ARM assembler in longlong.h.
	+ commit 782f804765b6f4226fd77843e59f57dcca61b6fb
	* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
	[__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC.

2017-07-03  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	doc: Fix typo.
	+ commit 7b045f539e5f67c937c18157c26fb3a767c1c7e6


2017-05-10  Ineiev  <ineiev@gnu.org>

	g10: Fix secmem leak.
	+ commit 2c2121ff3c2b90f21b75dd56c981b4d9e6d1c0e2
	* g10/keygen.c (proc_parameter_file): Fix secmem leak.

2017-03-30  Werner Koch  <wk@gnupg.org>

	gpg: Fix exporting of zero length user ID packets.
	+ commit bb61191aad98c3dbb487c1f76dd1552d44a52fe3
	* g10/build-packet.c (do_user_id): Avoid indeterminate length header.

2016-11-02  Neal H. Walfield  <neal@g10code.com>
	    Michael Mönch  <michael.moench@marktjagd.de>

	tools: Fix option parsing for gpg-zip.
	+ commit f2acaa5d785a29eca629c4b3df739bc474249004
	* tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
	Correctly set TAR when --tar is specified.  Pass TAR_ARGS to tar.

	(cherry-picked by dkg from master branch's
	84ebf15b06e435453b2f58775f97a3a1c61a7e55)

2016-08-17  Werner Koch  <wk@gnupg.org>

	Release 1.4.21.
	+ commit 47531220e57bf5093dcf2312884124f0a79e15db


	gpg: Add dummy option --with-subkey-fingerprint.
	+ commit 5e1843fc47457a9a0525ed7d3e55961d342ef1e2
	* g10/gpg.c (opts): Add dummy option.

	build: Create a swdb file during "make distcheck".
	+ commit 56792b1191a31c8409d7dcdb33b87a92f0e65ab2
	* Makefile.am (distcheck-hook): New.

2016-08-17  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 851a9de23ac0977c66f5ef56f08d8ca5eae92930


2016-08-17  Werner Koch  <wk@gnupg.org>

	random: Hash continuous areas in the csprng pool.
	+ commit c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
	* cipher/random.c (mix_pool): Store the first hash at the end of the
	pool.

	cipher: Improve readability by using a macro.
	+ commit e23eec8c9a602eee0a09851a54db0f5d611f125c
	* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

2016-08-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Avoid publishing the GnuPG version by default.
	+ commit 61539efc2bc4ba9a9faceaced12660d588c1be7a
	* g10/gpg.c (main): initialize opt.emit_version to 0
	* doc/gpg.texi: document different default for --emit-version

2016-08-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Clean up "allow to"
	+ commit 15d13272344fa0d8753a321c087b30a6d5115dfb
	* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
	  "allow to" with clearer text

	In standard English, the normal construction is "${XXX} allows ${YYY}
	to" -- that is, the subject (${XXX}) of the sentence is allowing the
	object (${YYY}) to do something.  When the object is missing, the
	phrasing sounds awkward, even if the object is implied by context.
	There's almost always a better construction that isn't as awkward.

	These changes should make the language a bit clearer.

	Fix spelling: "occured" should be "occurred"
	+ commit 1820889e3c4a9a07981951b3e74f722658fb01c5
	* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
	  util/regcomp.c, util/regex_internal.c: correct the spelling of
	  "occured" to "occurred"

2016-08-04  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix checking key for signature validation.
	+ commit f474b161f6c8c7a3dc0fb90d25ffceacba1ff117
	* g10/sig-check.c (signature_check2): Not only subkey, but also primary
	key should have flags.valid=1.

2016-08-03  Justus Winter  <justus@g10code.com>

	Partially revert "g10: Fix another race condition for trustdb access."
	+ commit 0f6bda4ccd2091e386e78c369131388ae5ebc002
	This amends db246f8b which accidentally included the compiled
	translation files.

2016-07-09  NIIBE Yutaka  <gniibe@fsij.org>

	gpgv: Tweak default options for extra security.
	+ commit cf01cf8b88abb6ed5fea300c28e2a1e6a7c67804
	* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
	cached status.  Similarly, set opt.flags.require_cross_cert for backsig
	validation for subkey signature.

2016-07-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix keysize with --expert.
	+ commit ca1fc596267b42a894a3fc85c3733007c672ed1f
	* g10/keygen.c (ask_keysize): It's 768 only for DSA.

2016-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix --list-packets.
	+ commit 39e32d375ef72874848f138d941d6d17f5aff85c
	* g10/gpg.c (main): Call set_packet_list_mode after assignment of
	opt.list_packets.
	* g10/mainproc.c (do_proc_packets): Don't stop processing with
	--list-packets as the comment says.
	* g10/options.h (list_packets): Fix the comment.
	* g10/parse-packet.c: Fix the condition for opt.list_packets.

2016-06-15  Niibe Yutaka  <gniibe@fsij.org>

	g10: Fix another race condition for trustdb access.
	+ commit db246f8b18b77314938e596b8217bd97223d5aad
	* g10/tdbio.c (create_version_record): Call create_hashtable to always
	make hashtable, together with the version record.
	(get_trusthashrec): Remove call to create_hashtable.

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Make sure to have the directory for trustdb.
	+ commit d957e4388f72581b1ec801613b5629b5ea3f586d
	* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
	the directory and create it if none before calling take_write_lock.

2016-02-01  Werner Koch  <wk@gnupg.org>

	Fix possible sign extension problem with newer compilers.
	+ commit 22caa5c2d4b65289a0857c36bcded36b34baf4d2
	* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
	* cipher/blowfish.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	* cipher/camellia.c (CAMELLIA_RR8): Ditto.
	* cipher/cast5.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	(do_cast_setkey): Ditto.
	* cipher/twofish.c (INPACK): Ditto.
	* util/iobuf.c (block_filter): Ditto.

2016-01-26  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix iobuf API of filter function for alignment.
	+ commit aa4a3aa3e7a0c7dc231b90b2958184c7138ccc93
	* include/iobuf.h (struct iobuf_struct): Remove DESC.
	* util/iobuf.c (iobuf_desc): New.
	(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
	(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
	(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
	(file_filter, sock_filter, block_filter): Fill the description.
	* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
	g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
	g10/progress.c, g10/textfilter.c: Likewise.

2016-01-15  Werner Koch  <wk@gnupg.org>

	Fix possible AIX problem with sysconf in rndunix.
	+ commit a38dffde7b19bd4881afcd87c23aac2daa5bd52a
	* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
	(start_gatherer): Detect misbehaving sysconf.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix to support git worktree.
	+ commit e26706700f6f339891cce924e2a401dfbdba1a0e
	* Makefile.am: Use -e for testing .git.

2015-12-21  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit d908e7d2384b5e742d41d468ad079c99f4b0a625


2015-12-19  Werner Koch  <wk@gnupg.org>

	Release 1.4.20.
	+ commit 19549aec296b4cba825682dbddb1fa4214b05cab


	w32: Avoid warning when using newer mingw versions.
	+ commit 56daf9b6e53b67f75305e7806860a3db94e3be2d
	* g10/tdbio.c (ftruncate): Do not define if already defined.

2015-12-19  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add option --weak-digest to gpg and gpgv.
	+ commit 924518b10d4d8b39236a829989310a211f739c5b
	* g10/options.h: Add weak_digests linked list to opts.
	* g10/main.h: Declare weakhash linked list struct and
	additional_weak_digest() function to insert newly-declared weak
	digests into opts.
	* g10/misc.c: (additional_weak_digest): New function.
	(print_digest_algo_note): Check for deprecated digests.
	* g10/sig-check.c: (do_check): Reject all weak digests.
	* g10/gpg.c: Add --weak-digest option to gpg.
	* doc/gpg.texi: Document gpg --weak-digest option.
	* g10/gpgv.c: Add --weak-digest option to gpgv.
	* doc/gpgv.texi: Document gpgv --weak-digest option.

2015-12-19  Werner Koch  <wk@gnupg.org>

	gpg: Reject signatures made with MD5.
	+ commit 43e5d28c6dbab9e5bcf652b4051184d409910c69
	* g10/gpg.c: Add option --allow-weak-digest-algos.
	(main): Set option also in PGP2 mode.
	* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
	* g10/sig-check.c (do_check): Reject MD5 signatures.
	* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.

2015-12-17  Werner Koch  <wk@gnupg.org>

	gpg: Change default cipher for --symmetric from CAST5 to AES-128.
	+ commit fc30a414d8d6586207444356ec270bd3fe0f6e68
	* g10/main.h (DEFAULT_CIPHER_ALGO): Change to AES or CAST5 or 3DES
	depending on configure options.
	* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.

2015-12-17  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Pass DBUS_SESSION_BUS_ADDRESS for gnome3.
	+ commit 751b287179c3a485261051a8bc838ee9405fa890
	* g10/passphrase.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.

2015-11-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid cluttering stdout with trustdb info in verbose mode.
	+ commit 8b5cb544a8a1d9274a072990b13bb1d3cb2f6ab2
	* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
	mode.

2015-10-01  Werner Koch  <wk@gnupg.org>

	gpg: Silence a compiler warning.
	+ commit 6db18e29eb81b37ed6feb592add77d492c60fc35
	* g10/parse-packet.c (enum_sig_subpkt): Replace hack.

2015-09-17  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
	+ commit 9232df23ac545e358d10c5539bdc9de2d05f15e8


2015-09-08  NIIBE Yutaka  <gniibe@fsij.org>

	po: Fix Spanish translation.
	+ commit bd6f80061a7f7dd8831a2ce989bbd47f46a195bc


2015-09-01  Werner Koch  <wk@gnupg.org>

	Obsolete option --no-sig-create-check.
	+ commit ae61f01523fc68fbd3dbac5f2ba761a7b8b117dd
	* cipher/rsa.c (rsa_sign): Verify after sign.
	* g10/gpg.c (opts): Make --no-sig-create-check a NOP.
	* g10/options.h (opt): Remove field "no_sig_create_check".
	* g10/sign.c (do_sign): Do check only for DSA.

2015-06-16  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit ae38cbbca493725305c4131fbcafa716ae0c6109
	* g10/tdbio.c (take_write_lock, tdbio_set_dbname): Fix message.

2015-06-15  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix a race condition initially creating trustdb.
	+ commit 6f992d94ea708535b2f3a3de22b429401d59fac9
	* g10/tdbio.c (take_write_lock, release_write_lock): New.
	(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
	new lock functions.
	(tdbio_set_dbname): Fix the race.
	(open_db): Don't call dotlock_create.

2015-05-19  NIIBE Yutaka  <gniibe@fsij.org>

	g10: detects public key encryption packet error properly.
	+ commit f3b00d88efa25e23f70b757cf99302af77d3d7ae
	g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
	encryption.

	g10: Improve handling of no corresponding public key.
	+ commit b3fd30451a5464b124b0296afbc341cb98b3977c
	* g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not
	exact match.

2015-04-30  NIIBE Yutaka  <gniibe@fsij.org>

	g10: fix cmp_public_key and cmp_secret_keys.
	+ commit 04667cabef2d6aaa214b288482bb902c891893a5
	* g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
	data at the first entry of the array when it's unknown algo.
	* mpi/mpi-cmp.c (mpi_cmp): Backport libgcrypt 1.5.0's semantics.

2015-04-05  Werner Koch  <wk@gnupg.org>

	gpg: Fix DoS while parsing mangled secret key packets.
	+ commit 506eb6fec67f170827777f2f44ced6f50745a0ad
	* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
	et al.

2015-03-28  Werner Koch  <wk@gnupg.org>

	gpg: Remove left-over debug message.
	+ commit f34d88364a984947bcd7c344f9532f683b856353
	* g10/armor.c (check_input): Remove log_debug.

2015-02-27  Werner Koch  <wk@gnupg.org>

	Release 1.4.19.
	+ commit bcf44e2d153792e20036a26126ad77cef79a0304


	po: Update German translation.
	+ commit 47c2369bb723aac85caf848a7b563889e83bc88f


2015-02-26  David Prévot  <taffit@debian.org>

	po: Update French translation.
	+ commit 9dbfca0db80789d8d2020a945de2ccff484abc02


2015-02-26  Roman Pavlik  <rp@tns.cz>

	po: Update Czech translation.
	+ commit bcccd89eb93a413f633570d250b1e004cddef765


2015-02-26  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

	po: Update Dutch translation.
	+ commit 0e4a82c59bd087a6099cccec3a4419f8f57bb3c0


2015-02-26  Manuel \"Venturi\" Porras Peralta  <venturi@openmailbox.org>

	po: Update Spanish translation.
	+ commit d27a4779108e265ad08d8f74887d32723cb62197


2015-02-26  Jakub Bogusz  <qboosh@pld-linux.org>

	po: Update Polish translation.
	+ commit 17a2356328d0cdf9ed7fcc3e8f1f3867d3ff611d


2015-02-26  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.
	+ commit 054b2c113ea01ff79dbe8365dba0c239ee4821e2


2015-02-26  Yuri Chornoivan  <yurchor@ukr.net>

	po: Update Ukrainian translation.
	+ commit e5b5f50af74c7a760240c109f2b4c37d92d254b8


2015-02-26  Milo Casagrande  <milo@milo.name>

	po: Update Italian translation.
	+ commit d252043b9b0aac9145f38d184c34cefbf1f9f1c9


2015-02-26  Jedi Lin  <Jedi@Jedi.org>

	Update Chinese (traditional) translation.
	+ commit 4986eddbdf3485452546e9243729522c2c3fef93


2015-02-26  Werner Koch  <wk@gnupg.org>

	Fix for building without DNS support.
	+ commit c43391f96537c304a8fddd2939a8380d8dd13319
	* util/cert.c (get_cert) [!USE_DNS_CERT]: Add want_ipgp.

	po,intl: Update to 0.19.3.
	+ commit 8adbf74b9398813c3e5d07c0789eaf75a6c3d97e


	Switch to a hash and CERT record based PKA system.
	+ commit 52c6c30647a96162a10715e667299167717c58dd
	* util/pka.c: Rewrite.
	(get_pka_info): Add arg fprbuflen.  Change callers to pass this.
	* util/strgutil.c (ascii_strlwr): New.
	* configure.ac: Remove option --disable-dns-pka.
	(USE_DNS_PKA): Remove ac_define.
	* g10/getkey.c (parse_auto_key_locate): Always include PKA.

	Move two functions from g10/ to util/.
	+ commit 240451a26e3e1fdabe0451a33f8918d4adfa852b
	* g10/misc.c (has_invalid_email_chars, is_valid_mailbox): Move to ...
	* util/strgutil.c: here.

	Add new function strconcat.
	+ commit 484d0730582a57808333e6af58d51c471f2b125a
	* include/util.h (GNUPG_GCC_A_SENTINEL): New.
	* util/strgutil.c (do_strconcat, strconcat): New.

	Add convenience function to hash a buffer.
	+ commit 2e7a3ed39007deb561a9175f7fccd52946c85d28
	* cipher/sha1.c (sha1_hash_buffer): New.

	Allow requesting only an IPGP certtype with dns_cert().
	+ commit d2323ce6fdceeba9765f23a1d5b5e4cb127d99ed
	* util/cert.c (get_cert): Add arg want_ipgp.  Change callers.

2015-02-26  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Avoid data-dependent timing variations in mpi_powm.
	+ commit 6cbc75e71295f23431c4ab95edc7573f2fc28476
	* include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
	* mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
	(mpi_powm): Access all data in the table and use mpi_set_cond.

2015-02-23  Werner Koch  <wk@gnupg.org>

	Protect against NULL return of mpi_get_opaque.
	+ commit e0c13ad5f290aec05706797b8f6c9e13d613eb66
	* g10/seckey-cert.c (do_check): Call BUG for NULL return of
	get_opaque.

2015-02-23  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Fix segv due to NULL value stored as opaque MPI.
	+ commit 6f032181ba78c5eeb14f9aab4307a75bbaf0b115
	* g10/build-packet.c (do_secret_key): Check for NULL return from
	gcry_mpi_get_opaque.
	* g10/keyid.c (hash_public_key): Ditto.

2015-02-23  Werner Koch  <wk@gnupg.org>

	gpg: Remove an unused variable.
	+ commit a35ed8af41a91a52e1bbf992522a209f9c27dd55
	* g10/import.c (import): Remove need_armor.

	[dkg: rebased to STABLE-BRANCH-1-4]

2015-02-23  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	curl-shim: clean up varargs.
	+ commit 2b2f2767851eccb12e591c7a3fa432e6bf9db8f2
	* keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is
	  called.

2015-02-23  Werner Koch  <wk@gnupg.org>

	gpg: Print better diagnostics for keyserver operations.
	+ commit cf8d89b0ce69d4cfaa835fab913cc7c77565a75d
	* g10/armor.c (parse_key_failed_line): New.
	(check_input): Watch out for gpgkeys_ error lines.
	* g10/filter.h (armor_filter_context_t): Add field key_failed_code.
	* g10/import.c (import): Add arg r_gpgkeys_err.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_errstr): New.
	(keyserver_spawn): Detect "KEY " lines while sending.  Get gpgkeys_err
	while receiving keys.
	(keyserver_work): Add kludge for better error messages.

	Use inline functions to convert buffer data to scalars.
	+ commit 57af33d9e7c9b20b413b96882e670e75a67a5e65
	* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
	(buf16_to_ushort, buf16_to_u16): New.
	(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.

	gpg: Prevent an invalid memory read using a garbled keyring.
	+ commit 81d3e541326e94d26a953aa70afc3cb149d11ebe
	* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
	types.

	gpg: Fix a NULL-deref in export due to invalid packet lengths.
	+ commit 68f260f77a9e4f5cacf0a58e4f55ddee125d3f00
	* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
	opaque MPI.

	gpg: Fix a NULL-deref due to empty ring trust packets.
	+ commit 2e8db53854506572e9d5b5908e143b5ca28f30f5
	* g10/parse-packet.c (parse_trust): Always allocate a packet.

	gpg: Limit the size of key packets to a sensible value.
	+ commit 27d7addccf782d5cb0084cb17522d712d4a6d6b6
	* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
	(MAX_UID_PACKET_LENGTH): New.
	(MAX_COMMENT_PACKET_LENGTH): New.
	(MAX_ATTR_PACKET_LENGTH): New.
	(parse_key): Limit the size of a key packet to 256k.
	(parse_user_id): Use macro for the packet size limit.
	(parse_attribute): Ditto.
	(parse_comment): Ditto.

	gpg: Allow predefined names as answer to the keygen.algo prompt.
	+ commit 20e14e331de4a7e9746650f8b39c1a66d2565c9e
	* g10/keygen.c (ask_algo): Add list of strings.

	gpg: Print a warning if the subkey expiration may not be what you want.
	+ commit 8baf452bb308a59478c9148109f4c78941170ecc
	* g10/keyedit.c (subkey_expire_warning): New.
	keyedit_menu): Call it when needed.

2015-02-11  Werner Koch  <wk@gnupg.org>

	Use ciphertext blinding for Elgamal decryption.
	+ commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b
	* cipher/elgamal.c (USE_BLINDING): New.
	(decrypt): Rewrite to use ciphertext blinding.

2015-01-19  Werner Koch  <wk@gnupg.org>

	Modernize to automake 1.14.
	+ commit 592e1aa407a021ed8477f82b1291f30c80291086
	* Makefile.am (AUTOMAKE_OPTIONS): Move to ...
	* configure.ac (AM_INIT_AUTOMAKE): here and add serial-tests.

	* keyserver/Makefile.am: Replace INCLUDES by AM_CPPFLAGS.
	* mpi/Makefile.am: Ditto.
	* util/Makefile.am: Ditto.
	* keyserver/Makefile.am: Ditto.  Adjusted other things.

	* m4/intl.m4, m4/po.m4: Use autoconf's AC_PROG_MKDIR_P.

	Fix a problem with select and high fds.
	+ commit 8adb5ff26062f717619aa816de8b27aa7d40d6c8
	* cipher/rndlinux.c (rndlinux_gather_random): Check fd before using
	FD_SET.

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Formatting fixes.
	+ commit ed6287d2e1546ee0f4064675270da003f51e1b39
	* doc/gpl.texi: Fix enumerate and re-indent examples.

2015-01-13  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	avoid future chance of using uninitialized memory.
	+ commit e7cbce8fb2b7417fd1048f916b3e3281f5b9dd7b
	* util/iobuf.c: (iobuf_open): initialize len

2015-01-13  Werner Koch  <wk@gnupg.org>

	doc: Fix memory leak in yat2m.
	+ commit e2e822d22526c1545e095bc24173b732137f5737
	* doc/yat2m.c (write_th): Free NAME.

	gpg: Fix possible read of unallocated memory.
	+ commit aab282855ada8dddee99c777c91829344e91f31a
	* g10/parse-packet.c (can_handle_critical): Check content length
	before calling can_handle_critical_notation.

2015-01-09  Werner Koch  <wk@gnupg.org>

	scd: Fix possibly inhibited checkpin of the admin pin.
	+ commit c83e250ef36c28a275de74d96e89898e9f99cb1e
	* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
	buffer.

2015-01-08  Joshua Rogers  <git@internot.info>

	scd: fix get_public_key for OpenPGPcard v1.0.
	+ commit 3ca1f4098c70d322658cfaaa0d12164e6ac6d5ad
	* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

2014-12-12  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: release DEK soon after its use.
	+ commit da66ad5bba4215b9ddd0cb927a89aa75355632aa
	* g10/keygen.c (generate_subkeypair): Release DEK soon.

2014-11-24  Werner Koch  <wk@gnupg.org>

	gpg: Fix use of uninit.value in listing sig subpkts.
	+ commit 2d359681f08999686734421228cb69893d8a0060
	* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
	sanitized.

	gpg: Fix off-by-one read in the attribute subpacket parser.
	+ commit 2b4809406b6536cbb67a2282bf855710b8454dc2
	* g10/parse-packet.c (parse_attribute_subpkts): Check that the
	attribute packet is large enough for the subpacket type.

	gpg: Fix a NULL-deref for invalid input data.
	+ commit 69767ccf4218d0dc5ef2d7e141be0f14c88fea59
	* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
	entry.

2014-11-14  Werner Koch  <wk@gnupg.org>

	gpg: Make the use of "--verify FILE" for detached sigs harder.
	+ commit fbb50867f81d790c4bf819dcadcd14be6c3f957b
	* g10/openfile.c (open_sigfile): Factor some code out to ...
	(get_matching_datafile): new function.
	* g10/plaintext.c (hash_datafiles): Do not try to find matching file
	in batch mode.
	* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
	matching data file is not used by a standard signatures.

2014-11-12  Werner Koch  <wk@gnupg.org>

	gpg: Add import option "keep-ownertrust".
	+ commit 42d2474a02aa46e6fecf0e35c067aa0b6481ffbe
	* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
	* g10/import.c (parse_import_options): Add "keep-ownertrust".
	(import_one): Act upon new option.

2014-10-03  Werner Koch  <wk@gnupg.org>

	mpi: Fix compiler warning.
	+ commit f68123551f4d5b286309006da67c57878f6cc619
	* mpi/mpi-inv.c (mpi_invm): Do not return a value.

2014-10-03  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Add build and runtime support for larger RSA keys.
	+ commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5
	* configure.ac: Added --enable-large-secmem option.
	* g10/options.h: Add opt.flags.large_rsa.
	* g10/gpg.c: Contingent on configure option: adjust secmem size,
	add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
	* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
	* doc/gpg.texi: Document --enable-large-rsa.

2014-09-29  Werner Koch  <wk@gnupg.org>

	doc: Final update from master (gnupg 2.1)
	+ commit 3209f270d236fae588edaab3d48fe707eb25641c
	* doc/Makefile.am (sources_from_trunk): Remove.
	(update-source): Make it a dummy.
	* doc/gpg.texi: Update.
	* doc/yat2m.c: Update.

	Allow use of --debug-level=LEVEL without '='.
	+ commit ad30b2a4ae06a51f747bbd8a3c0985333295f8c6
	* g10/gpg.c (opts): Fix "debug-level".

2014-09-11  Werner Koch  <wk@gnupg.org>

	mpi: Improve mpi_invm to detect bad input.
	+ commit cd53cdbc3774fb193bdebcdc5d7019ddebc16dbc
	* mpi/mpi-inv.c (mpi_invm): Return 0 for bad input.

2014-08-20  Werner Koch  <wk@gnupg.org>

	mpi: Suppress set-but-unused-variables warnings.
	+ commit b89f57fe5db364f78154671e1b2fe1ecd1b5c407
	* include/types.h (GNUPG_GCC_ATTR_UNUSED): Define for gcc >= 3.5.
	* mpi/mpih-div.c (mpihelp_divmod_1, mpihelp_mod_1): Mark dummy as
	 unused.
	* mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.

	Fix strict-alias warnings for rijndael.c.
	+ commit ecf2728230788f413cf1864c3cbda73d63de8491
	* cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t cast.

	gpg: Allow compressed data with algorithm 0.
	+ commit 45e3b81114f40070dd638ac790f42df01b8c1484
	* g10/mainproc.c (proc_compressed): Remove superfluous check for
	an algorithm number of 0.

2014-08-06  Werner Koch  <wk@gnupg.org>

	gpg: Fix regression due to the keyserver import filter.
	+ commit d58552760b26d840824658814d59c8b1a25a4219
	* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
	to take subpakets in account.
	* g10/import.c (import_one, import_secret_one): Pass keyblock to
	filter.

	Add kbnode_t for easier backporting.
	+ commit dcf58b3471b1c9ba87a826aa132033e506664808
	* g10/global.h (kbnode_t): New.

2014-06-30  Werner Koch  <wk@gnupg.org>

	Release 1.4.18.
	+ commit 6a7b763e05d352a08f639d5eef9d0bac01c5c456


	Limit keysize for unattended key generation to useful values.
	+ commit aae7ec516b79e20938c56fd48fc0bc9d2116426c
	* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
	(gen_rsa): Enforce keysize 1024 to 4096.
	(gen_dsa): Enforce keysize 768 to 3072.

	Make screening of keyserver result work with multi-key commands.
	+ commit 955524f4359ba9e9de213f4067c38df9ae4808a8
	* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
	(keyserver_retrieval_filter): Use new struct and check all
	descriptions.
	(keyserver_spawn): Pass filter arg suing the new struct.

2014-06-23  Werner Koch  <wk@gnupg.org>

	Release 1.4.17.
	+ commit 297f2ac6451e638ed96926d06b01189076010823


	doc: Update from master.
	+ commit bfc7893bdaf4dc674799ddddc0cae8f0af642b9d


	Fix syntax error introduced with 60bd6488.
	+ commit 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe
	* g10/apdu.c (pcsc_dword_t): Fix syntax error.

2014-06-23  Stefan Tomanek  <tomanek@internet-sicherheit.de>

	Screen keyserver responses.
	+ commit 5230304349490f31aa64ee2b69a8a2bc06bf7816
	* g10/main.h: Typedef import_filter for filter callbacks.
	* g10/import.c (import): Add filter callbacks to param list.
	(import_one): Ditto.
	(import_secret_one): Ditto.
	(import_keys_internal): Ditto.
	(import_keys_stream): Ditto.
	* g10/keyserver.c (keyserver_retrieval_filter): New.
	(keyserver_spawn): Pass filter to import_keys_stream()

2014-06-23  Werner Koch  <wk@gnupg.org>

	Print hash algorithm in sig records.
	+ commit 8eab483a1c4817a2946624c7305f464089d1875e
	* g10/keylist.c (list_keyblock_colon): Print field 16.

	Remove useless diagnostic in MDC verification.
	+ commit 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd
	* g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC
	packet header and a bad MDC.

	intl: Fix for uClibc.
	+ commit bb4d5c2d5f20afff4f5382b33e9f530e3352c06f
	* intl/localename.c (gl_locale_name_thread_unsafe): Take care of
	uCLIBC.

	PC/SC cleanup.
	+ commit 60bd6488c06dd849465bfbff518297a24d28ea08
	* g10/apdu.c (pcsc_dword_t): New.  It was named as DWORD (double-word)
	when a word was 16-bit.
	(struct reader_table_s): Fixes for types.
	(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
	Throughout: Fixes for types.

	gpg: Use more specific reason codes for INV_RECP.
	+ commit 4239780d5a8418d675884309416aa3f71b5b8faa
	* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
	INV_RECP.

	doc: Remove outdated Russian man page.
	+ commit e28cbdc5598d64bd3f87230cc4e9f0e11da3893e
	* configure.ac (DOCBOOK_TO_MAN): Remove.
	* doc/gpg.ru.sgml: Remove.
	* doc/Makefile.am: Remove all gpg.ru related code.

2014-06-20  Werner Koch  <wk@gnupg.org>

	gpg: Avoid infinite loop in uncompressing garbled packets.
	+ commit 11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
	* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

2014-03-06  Werner Koch  <wk@gnupg.org>

	gpg: Need to init the trustdb for import.
	+ commit 23191d7851eae2217ecdac6484349849a24fd94a
	* g10/trustdb.c (clear_ownertrusts): Init trustdb.

2014-01-23  Werner Koch  <wk@gnupg.org>

	Support building using the latest mingw-w64 toolchain.
	+ commit 24ba0ce93263c42afb9f087ffcf2edda0b433022
	* acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection.

2013-12-13  Werner Koch  <wk@gnupg.org>

	Release 1.4.16.
	+ commit 7cdb86e0ad7a3f452c2f7358e3e830785281addc


2013-12-11  Werner Koch  <wk@gnupg.org>

	Change --show-session-key to print the session key earlier.
	+ commit fa3f555d756be0229ab10516b901e50230b22033
	* g10/mainproc.c (proc_encrypted): Move show_session_key code to ...
	* g10/decrypt-data.c (decrypt_data): here.

2013-12-10  Werner Koch  <wk@gnupg.org>

	Update config.{guess,sub} and some copyright notices.
	+ commit 4466fdba7bb4cac0b5c4a21b98903bb7f27fd9d9
	* scripts/config.guess, scripts/config.sub: Update to version
	2013-11-29.

2013-12-05  Werner Koch  <wk@gnupg.org>

	Prepare for newer automakes which default to parallel tests.
	+ commit 9b516323d7dc3e6103745becb63f5cc9fd8cc606
	* checks/Makefile.am: Add a list of test dependencies.

2013-12-03  Werner Koch  <wk@gnupg.org>

	Normalize the MPIs used as input to secret key functions.
	+ commit d0d72d98f34579213230b3febfebd2fd8dff272b
	* cipher/rsa.c (secret): Normalize the INPUT.
	(rsa_decrypt): Pass reduced data to secret.
	* cipher/elgamal.c (decrypt): Normalize A and B.
	* cipher/dsa.c (sign): Normalize HASH.

	Use blinding for the RSA secret operation.
	+ commit 93a96e3c0c33370248f6570d8285c4e811d305d4
	* cipher/random.c (randomize_mpi): New.
	* g10/gpgv.c (randomize_mpi): New stub.
	* cipher/rsa.c (USE_BLINDING): Define macro.
	(secret): Implement blinding.

2013-11-27  Werner Koch  <wk@gnupg.org>

	gpg: Change armor Version header to emit only the major version.
	+ commit b135372176b29ca985afa18398a455fd4e2a2063
	* g10/options.h (opt): Rename field no_version to emit_version.
	* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
	to bump up opt.emit_version.
	* g10/armor.c (armor_filter): Implement different --emit-version
	values.

2013-10-18  Werner Koch  <wk@gnupg.org>

	mpi: mpi-pow improvements.
	+ commit cad8216f9a0b33c9dc84ecc4f385b00045e7b496
	* mpi/mpi-pow.c (USE_ALGORITHM_SIMPLE_EXPONENTIATION): New.
	(mul_mod) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New.
	(mpi_powm) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New implementation
	of left-to-right k-ary exponentiation.

	Print the keyid for key packets with --list-packets.
	+ commit 0bdf121d1dcf98d7df28af67272caaac07f6f581
	* g10/parse-packet.c (parse_key): Add keyid printing.

2013-10-11  Werner Koch  <wk@gnupg.org>

	mpi: Fix syntax error for mips64 and gcc < 4.4.
	+ commit 9d89564a4255d58b7e26c6845bcea69ec5b0214f
	* mpi/longlong.h [__mips && gcc < 4.4]: Fix cpp syntax error.

	gpg: Do not require a trustdb with --always-trust.
	+ commit 2528178e7e2fac6454dd988121167305db7c71d9
	* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
	* g10/trustdb.c (trustdb_args): Add field no_trustdb.
	(init_trustdb): Set that field.
	(revalidation_mark):  Take care of a nonexistent trustdb file.
	(read_trust_options): Ditto.
	(get_ownertrust): Ditto.
	(get_min_ownertrust): Ditto.
	(update_ownertrust): Ditto.
	(update_min_ownertrust): Ditto.
	(clear_ownertrusts): Ditto.
	(cache_disabled_value): Ditto.
	(check_trustdb_stale): Ditto.
	(get_validity): Ditto.
	* g10/gpg.c (main): Do not create a trustdb with most commands for
	trust-model always.

2013-10-04  Werner Koch  <wk@gnupg.org>

	Release 1.4.15.
	+ commit 8707657fe635b50a5e1a4ed804ea2645c1427ac6


	doc: Update from master.
	+ commit f5c32bd1c6416c97762d7960c94d6f536e259cfa


	gpg: Print a "not found" message for an unknown key in --key-edit.
	+ commit 4a06d9a600def07fdcbb9a6a9500776767d3c2f4
	* g10/keyedit.c (keyedit_menu): Print message.

	gpg: Protect against rogue keyservers sending secret keys.
	+ commit d74dd36c11f1643bd92efb50714e2448cdb885d0
	* g10/options.h (IMPORT_NO_SECKEY): New.
	* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
	flag.
	* g10/import.c (import_secret_one): Deny import if flag is set.

2013-10-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Allow setting of all zero key flags.
	+ commit fe0fb5e6b0bb351eb6244e290e112a22a68472d8
	* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
	(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)
	(cherry picked from commit dd868acb0d13a9f119c0536777350a6c237a66a1)

2013-10-04  Werner Koch  <wk@gnupg.org>

	gpg: Distinguish between missing and cleared key flags.
	+ commit 27d0f32f77fbef59ddf7c6d79b5b4adee6b2e6ac
	* include/cipher.h (PUBKEY_USAGE_NONE): New.
	* g10/getkey.c (parse_key_usage): Set new flag.

	keyserver: Allow use of cURL's default CA store.
	+ commit 69088ac76fd4b9f303edf3c1453088dda8596399
	* keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file
	has been given.
	* keyserver/gpgkeys_hkp.c (main): Ditto.

	gpg: Limit the nesting level of I/O filters.
	+ commit f10b184e48015f30849d7611bd9654ed23b91211
	* until/iobuf.c (MAX_NESTING_FILTER): New.
	(iobuf_push_filter2): Limit the nesting level.

2013-10-02  Werner Koch  <wk@gnupg.org>

	gpg: Fix bug with deeply nested compressed packets.
	+ commit d90a1d23404f482cc4a5a2b2ee0f296d67ff2227
	* g10/mainproc.c (MAX_NESTING_DEPTH): New.
	(proc_compressed): Return an error code.
	(check_nesting): New.
	(do_proc_packets): Check packet nesting depth.  Handle errors from
	check_compressed.

2013-09-16  Werner Koch  <wk@gnupg.org>

	Fix bug in mpi_tdiv_q_2exp.
	+ commit 9dc6dd0572102a2fa27df28ba4d66728827eb03d
	* mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.

2013-08-30  Werner Koch  <wk@gnupg.org>

	gpg: Use 2048 as the default keysize in batch mode.
	+ commit 6ed7056197e7ede1305b25457e4633c4ac4301d4
	* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
